Research shows that powerful AI tools such as ChatGPT have been used by cyber attackers to carry out criminal activities, such as developing malware and generating phishing emails. If a password has been leaked from a database or otherwise compromised, the probability that an attacker using an AI password cracker will guess it is almost 100%, and more than 50% of common passwords will be cracked within 60 seconds.
AI advancements have greatly improved the efficiency of PassGAN in cracking passwords
Passwords are still the most popular authentication method today, but this also begs the question: “Can AI-powered tools crack user passwords?” The answer to this question has been around for six years, provided by a research paper on Password Generative Adversarial Networks (PassGAN), and it is affirmative. ChatGPT, which has recently become popular all over the world, eclipses other AI technologies, but to some extent it also makes people worry about information security.
PassGAN is an AI password cracker based on machine learning. It relies on neural networks to replace the work of manually analyzing passwords in order to crack or guess them. The PassGAN paper mentions the existing password guessing tools HashCat and John the Ripper as techniques that work well in practice.
The authors of the report "PassGAN: A Deep Learning Method for Password Guessing", Briland Hitaj, Giuseppe Ateniese (Stevens Institute of Technology), Paolo Gasti (New York Institute of Technology) and Fernando Perez-Cruz (Swiss Data Science Center), analyze password guessing that uses machine learning to replace rule-based and simple data-driven techniques such as Markov models. They believe that the question people are asking now should not be "Can AI-powered tools crack user passwords?", but "How long does it take for AI-based tools to crack passwords?"
Headquartered in Germany Texas-based cybersecurity startup Home Security Heroes (HSH) studied this problem. The company trained PassGAN using 15.68 million passwords from the RockYou dataset that was leaked in 2009. The study found:
·51% of common passwords can be cracked by PassGAN within one minute.
·65% of common passwords can be cracked within one hour.
·71% of common passwords can be cracked within a day.
·81% of common passwords can be cracked within a month.
HSH said, “PassGAN represents a major advancement in password cracking technology. This latest approach uses generative adversarial networks (GANs) to autonomously learn the distribution of real passwords from actual leaked passwords, eliminating the need for manual cryptanalysis. While this makes password cracking faster and more efficient, it is a serious threat to people's information security.”
HSH’s PassGAN test shows that any 7-character password consisting of numbers, lowercase letters, uppercase letters and symbols can be cracked in less than 6 minutes. For 8- and 9-character passwords containing numbers, lowercase letters, uppercase letters and symbols, PassGAN's password guessing time increased to 7 hours and 2 weeks respectively.
Setting stronger passwords can mitigate the damage of AI tools
This means that it is very easy for people to defeat this cracking tool: all they need to do is set a stronger password. You can refer to the chart below to gauge how secure your password needs to be. For reference, take using PassGAN to crack an 18-character password as an example:
·If the password consists only of numbers, it takes 10 months.
·If it is composed of lowercase letters, it takes 22 million years.
·If it is composed of lowercase letters and uppercase letters, it takes 7.23 billion years.
·If it consists of numbers, lowercase letters and uppercase letters, it takes 96 trillion years.
·If it consists of numbers, lowercase letters, uppercase letters and symbols, it takes 6 billion years.
However, it should be noted that if the password in question was leaked or compromised from the database, AI password crackers like PassGAN (and even traditional data-driven password crackers) are 100% effective.
How to ensure that AI tools cannot guess passwords?
You can refer to the chart below to better understand what constitutes a strong password.
For this reason, network security experts recommend that the following basic principles must be followed when using passwords in the AI era:
·The password must contain at least 15 characters, including at least two letters (uppercase and lowercase), numbers and symbols.
·Be careful not to use any obvious password patterns.
·Users should not reuse the same password on multiple accounts/platforms.
·More importantly, users should check often whether their passwords have been stolen or leaked. Another option is to change your password every three to six months.
·It is recommended to use a password manager and multi-factor authentication.
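
The principles above can be expressed as a small checker that reports which rules a candidate password breaks. This is an added example, not code from HSH or the PassGAN paper; the four-character pattern window, the keyboard rows and the leaked-password sample are assumptions constructed for illustration.

```python
import hashlib
import string

# Constructed sample standing in for a breached-password list (not real breach
# data). Stored as SHA-1 digests so the list itself holds no plaintext.
LEAKED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest()
    for p in ("password", "iloveyou", "Summer2023!Summer2023!")
}

# Assumed set of keyboard rows used to spot "walks" such as qwer or 7890.
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def has_obvious_pattern(pw: str, run: int = 4) -> bool:
    """True if pw contains `run` repeated, sequential or keyboard-adjacent chars."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if len(set(chunk)) == 1:                       # aaaa, 1111
            return True
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}):                       # abcd, 4321
            return True
        if any(chunk in row or chunk[::-1] in row for row in KEYBOARD_ROWS):
            return True
    return False


def check_password(pw: str) -> list[str]:
    """Return the rules the password violates; an empty list means it passes."""
    problems = []
    if len(pw) < 15:
        problems.append("shorter than 15 characters")
    classes = {
        "lowercase letter": string.ascii_lowercase,
        "uppercase letter": string.ascii_uppercase,
        "number": string.digits,
        "symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in pw):
            problems.append(f"no {name}")
    if has_obvious_pattern(pw):
        problems.append("obvious pattern")
    # A leaked password fails no matter how long or complex it is.
    if hashlib.sha1(pw.encode()).hexdigest() in LEAKED_SHA1:
        problems.append("appears in leaked-password list")
    return problems
```

The 22-character sample `Summer2023!Summer2023!` satisfies every composition rule and is still rejected, because it is in the leaked list.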