Understanding Offline Password-Cracking Methods: A Large-Scale Empirical Study
Table 2
Empirical evaluation of cracking under extensive-knowledge.
Training datasets
Best64 (%)
OMEN (%)
OMEN-5 (%)
PCFG (%)
PCFG-4 (%)
FLA (%)
GAN (%)
163
52.92
52.09
46.15
57.91
60.44
56.75
40.34
Duduniu
60.88
43.74
44.12
51.55
52.54
49.12
34.06
178
72.77
63.96
64.28
67.36
69.39
77.49
49.51
CSDN
46.75
41.09
38.81
47.02
47.25
56.80
31.90
Sinaweibo
53.75
56.97
55.94
49.64
58.38
67.10
43.61
Duowan
40.96
49.88
46.35
41.33
49.04
58.55
30.71
Rockyou
67.60
53.36
55.46
69.34
69.99
77.91
32.34
000Webhost
43.37
16.56
17.81
30.26
35.35
16.39
7.94
Xato
61.34
47.90
47.73
60.33
62.35
68.63
32.92
Gmail
52.32
45.74
50.05
54.72
57.27
63.22
28.83
Yahoo
38.66
42.46
43.46
48.27
49.61
50.27
26.12
Phpbb
40.93
54.49
44.92
43.21
53.11
51.42
37.80
1Each value in this table represents the fraction of passwords been cracked in a dataset (e.g., 52.93% means that 52.92 percent passwords of 163 targeting dataset have been cracked by 163-trained Best64).
