Applied Sciences (Jan 2022)

Password Guessability as a Service (PGaaS)

  • Juan Bojato,
  • Daniel Donado,
  • Miguel Jimeno,
  • Giovanni Moreno,
  • Ricardo Villanueva-Polanco

DOI
https://doi.org/10.3390/app12031562
Journal volume & issue
Vol. 12, no. 3
p. 1562

Abstract

Read online

This paper presents an adaptable password guessability service suited for different password generators according to what a user might need when using such a service. In particular, we introduce a flexible cloud-based software architecture engineered to provide an efficient and robust password guessability service that benefits from all the features and goals expected from cloud applications. This architecture comprises several components, featuring the combination of a synthetic dataset generator realized via a generative adversarial network (GAN), which may learn the distribution of passwords from a given dictionary and generate high-quality password guesses, along with a password guessability estimator realized via a password strength estimation algorithm. In addition to detailing the architecture’s components, we run a performance evaluation on the architecture’s key components, obtaining promising results. Finally, the complete application is delivered and may be used by a user to estimate the strength of a password and the time taken by an average computer to enumerate it.

Keywords