Publication Details
Beyond the Dictionary Attack: Enhancing Password Cracking Efficiency through Machine Learning-Induced Mangling Rules
In the realm of digital forensics, password recovery is a critical task,
with dictionary attacks remaining one of the oldest yet most effective
methods. These attacks systematically test strings from pre-defined
wordlists. To increase the attack power, developers of cracking tools
have introduced password-mangling rules that apply additional
modifications like character swapping, substitution, or capitalization.
Although several attempts to automate rule creation have been
proposed over the years, creating a suitable ruleset is still a
significant challenge. The current state-of-the-art research lacks a
deeper comparison and evaluation of the individual methods and their
implications. In this paper, we introduce RuleForge, an ML-based
mangling-rule generator that integrates four clustering techniques, 19
mangling rule commands, and configurable rule-command priorities. Our
contributions include advanced optimizations, such as an extended rule
command set and improved cluster-representative selection. We conduct
extensive experiments on real-world datasets, evaluating clustering
methods in terms of time, memory use, and hit ratios. Our approach,
applied to the MDBSCAN method, achieves up to an 11.67%pt. higher hit
ratio than the best yet-known state-of-the-art solution.
@inproceedings{BUT193356,
author="Radek {Hranický} and Lucia {Šírová} and Viktor {Rucký}",
title="Beyond the Dictionary Attack: Enhancing Password Cracking Efficiency through Machine Learning-Induced Mangling Rules",
year="2026",
url="https://www.fit.vut.cz/research/publication/13282/"
}