Understanding Offline Password-Cracking Methods: A Large-Scale Empirical Study
Table 3
Empirical evaluation of cracking under limited-knowledge.
Targeting datasets
Best64 (%)
OMEN (%)
PCFG (%)
PCFG-4 (%)
FLA (%)
GAN (%)
Trained on Rockyou
163
34.68
35.86
30.01
36.27
47.29
18.15
178
39.82
37.76
38.33
42.08
53.06
19.36
Duowan
25.29
27.80
21.62
27.23
40.92
9.87
CSDN
29.92
30.17
28.70
31.98
36.97
13.28
000Webhost
21.53
14.05
29.21
24.23
28.53
5.44
Gmail
54.09
41.39
56.76
55.88
64.65
23.11
Phpbb
58.46
44.16
59.48
58.95
68.24
27.34
Yahoo
54.38
39.52
59.23
55.66
63.75
21.63
Trained on Xato
163
31.01
33.43
23.86
34.03
45.48
22.48
178
36.79
39.65
34.53
41.83
51.21
23.95
Duowan
21.22
26.12
16.73
25.52
38.42
12.28
CSDN
28.10
29.50
26.21
30.99
35.40
15.11
000Webhost
19.07
13.97
27.07
23.46
26.44
5.18
Gmail
49.36
39.38
51.16
52.45
60.21
23.53
Phpbb
55.84
44.53
55.78
57.54
65.39
29.17
Rockyou
55.69
45.38
57.36
60.06
67.61
30.39
Trained on Yahoo
163
13.54
28.27
13.89
20.62
29.06
13.84
178
19.78
33.75
25.02
28.99
32.07
17.94
Duowan
8.34
20.08
10.30
14.64
18.99
6.52
CSDN
17.25
27.72
18.74
23.77
24.63
6.61
000Webhost
10.40
14.79
20.60
18.85
15.77
8.32
Gmail
31.53
41.49
37.66
42.61
44.86
25.80
Phpbb
37.59
44.73
41.07
46.23
49.30
30.91
Rockyou
37.01
48.60
43.73
50.74
52.84
33.37
Trained on Duduniu
000Webhost
16.69
8.56
20.32
17.50
16.34
4.85
Gmail
44.71
19.90
43.34
40.96
39.98
15.90
Phpbb
51.09
19.90
47.75
45.44
42.34
17.85
Rockyou
52.47
21.62
50.87
48.66
48.75
19.32
163
49.31
48.88
43.20
46.86
54.32
41.89
178
57.30
57.37
54.18
56.77
56.63
48.37
Duowan
43.61
48.02
39.36
43.93
52.29
36.52
CSDN
40.37
42.86
38.71
39.34
46.49
30.86
Trained on CSDN
000Webhost
10.32
5.24
14.29
12.34
12.27
3.47
Gmail
27.10
10.91
27.37
25.93
29.84
9.53
Phpbb
32.36
9.48
30.52
28.92
32.23
8.97
Rockyou
30.75
8.76
30.14
27.51
31.25
9.43
163
38.78
30.64
37.01
37.10
48.89
32.79
178
46.46
37.94
47.34
45.51
54.67
38.25
Duowan
33.29
29.01
34.45
34.15
46.58
27.23
Sinaweibo
43.46
30.81
40.74
40.28
50.54
33.33
Trained on Sinaweibo
000Webhost
14.41
10.18
22.55
20.17
18.06
4.48
Gmail
41.02
31.75
42.99
45.54
48.35
17.36
Phpbb
48.00
35.36
47.47
49.82
53.63
19.62
Rockyou
48.68
38.02
50.49
54.23
57.26
21.48
163
39.76
51.86
35.91
45.97
55.90
40.55
178
45.81
58.42
45.89
53.96
62.52
44.28
Duowan
32.09
48.32
31.27
40.38
52.12
34.85
CSDN
35.09
42.55
35.68
39.46
46.49
29.01
1Each value in this table represents the fraction of passwords been cracked in a dataset (e.g., 34.68% indicates that 34.68 percent passwords of 163 targeting dataset have been cracked by Rockyou-trained Best64).
