Ricerc@Sapienza

Text-based passwords are the most widely used authentication mechanism. However, passwords suffer from well-known drawbacks and vulnerabilities, mainly due to the limited complexity and inherent structure present in human-generated passwords, which heavily restrict the regions of space in which such passwords reside. Traditional password guessing tools exploit this markedly uneven distribution in the password space to generate high-probability password guesses that fall in the dense areas of the space where human-like passwords reside. These tools are able to approximate the distribution of human-like passwords primarily based on carefully generated rules handcrafted by human experts, which is a laborious task that requires a high level of domain-specific expertise.

To overcome the limitations of traditional tools, recently different unsupervised learning-based approaches to password guessing based on generative models have been proposed. These generative models are carefully designed to autonomously learn structure and patterns that are characteristic of human-generated passwords, with the goal of improving password guessing performance and removing the need for domain-specific expertise. In this project we aim to create a novel generative model architecture based on Generative Flows and study its applicability and performances in the password guessing scenario, comparing our model to other state-of-the-art techniques.