Using Neural Networks to generate human readable passwords

Using Neural Networks to generate human readable passwords


There has been a lot of fuss about neural networks for the last couple of years. For those who don’t know what neural networks are, just consider them a robot/computer program that can learn a few things by watching/reading them. This is a weird definition of neural networks but it will do the trick for those who have no idea what a neural network is.

Now recently, there was a paper on Password Guessability Using Neural Networks that won the best paper award in Usenix conference. I was reading the paper and I thought about implementing such an algorithm but just to generate passwords. Their goal was different, mine was different. The idea is that most of the random password generators don’t generate passwords that humans can read. What if we can get a program to generate good and secure passwords that a human can read and understand. Won’t that be a good thing? I think it will be. Below is a little progress towards my idea.

So, lets dive into our neural network.

Using Neural Networks to generate Human readable Passwords

The keras library of python had some nice implementation of a recurrent neural network for generating text. I used the same code. The code is provided here.

https://github.com/fchollet/keras/blob/master/examples/lstm_text_generation.py

Since we want to generate passwords character by character, I had to set step to 1 to get good results.

Running the script:

I loaded my passwords file containing 1 million passwords (you can get any file from seclists github) and started the training. After 7 iterations, I stopped to script and separated the results into a text file.

Lets see how our neural network generated the passwords:

Looking at a few passwords, we see that the neural network has somewhat understood that most people use passwords with digits in the end and characters at the beginning. Now, these above passwords are not present in the training file and although they are not completely human readable, some of them do make sense. These are new human readable passwords. That seems interesting. No?

The complete list of around 700 passwords generated by the neural network is here.

That’s it from me. It was a fun project that I think can turn into a good password recommendation system. One great use case for this can be a recommendation system where we train our neural network with very secure but human readable passwords and ask it to generate new passwords based on the training set.

Let me know what do you think.

+ There are no comments

Add yours