Markov, Probabilistic and Rule-Based Password Guessing Methods: Survey and Comparison

Offline password guessing is an important procedure for forensic encrypted data examination where the data must be decrypted first. The most common password guessing attacks are dictionary and brute-force, but the main drawback of a brute-force attack is the size of a set of all possible password candidates, which grows exponentially with the length of the password. The analysis of leaked password databases shows that users tend to use easy-to-remember passwords. It means that many passwords usually consist of a logical structure - they are not just random character sets. Forensic information technology experts could exploit this defect using different offline password guessing strategies relying on new password generation rules, machine learning, and natural language processing. This research offers a survey and comparison of the state-of-the-art password guessing methods such as Rulebased, Markov, Probabilistic Context-Free Grammar which can be applied in forensic IT examinations.