Researchers have developed an AI bot called PassGPT, which is trained to crack passwords by analyzing leaked passwords from various hacks and exploits.
The AI tool, developed by researchers from ETH Zürich, Swiss Data Science Center, and SRI International in New York, is built using the Generative Pre-trained Transformer 2 (GPT-2) large language model, creator Javi Rando said in a recent interview.
The main aim of PassGPT is to decode the cryptic features ingrained in human-generated passwords and provide users with stronger and more complex passwords to use while detecting probable passwords according to a set of inputs.
The innovation in PassGPT lies not only in its predictive ability but also in its unique method of creation.
Unlike previous models that fashioned passwords as complete entities, PassGPT introduces an innovative strategy known as progressive sampling.
This method constructs passwords character by character, ensuring a meticulously complex password.
🔐 Introducing PassGPT🔓
Trained on password leaks, PassGPT can generate 20% more unseen passwords than existing GAN methods.
Joint work with @fperezcruz and @BrilandHitaj.
🧵 Let’s dive into our key contributions. 🧵
— Javi Rando (@javi_rando) June 6, 2023
PassGPT Trained on Millions of Leaked Passwords
PassGPT was trained on a collection of millions of previously leaked passwords and is expected to perform better than other models.
“Trained on the RockYou leak, PassGPT can guess 20% more unseen passwords than state-of-the-art GAN models,” Rando said.
Generative Adversarial Networks (GANs) play a vital role in the model’s architecture, which pits the Generator network against the Discriminator network.
In simpler terms, the Generator network creates content so realistic that it can trick the Discriminator network, which is programmed to detect artificial content. With each round of this match, each network learns from its mistakes and improves.
The model’s overall quality improves until it reaches a point where the Discriminator can hardly differentiate between what’s real and what’s created by the Generator.
PassGPT also defines an explicit probability distribution over passwords, allowing it to calculate the probability of any password under the model. This feature is useful in analyzing weaknesses in password strength.
PassGPT can detect patterns in passwords that may be considered strong by current password strength estimators but are still relatively easy to guess using generative techniques.
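The probability-based strength check described above, as an added example that is not code from the article or from the PassGPT authors. It assumes a character bigram model as a much simpler stand-in for GPT-2, a small constructed training list, and hypothetical function names; it shows a password that satisfies a composition policy yet scores as highly probable.

```python
import math
from collections import defaultdict

# Constructed sample standing in for a leaked-password training corpus.
TRAIN = ["password1", "password123", "Password1!", "letmein", "qwerty123",
         "iloveyou", "iloveyou1", "sunshine", "princess1", "welcome1"]
ALPHABET = 95                  # printable ASCII symbols, used for smoothing
START, END = "\x02", "\x03"    # sentinel start / end-of-password symbols

def train(corpus):
    """Count character transitions, including the end-of-password symbol."""
    counts = defaultdict(lambda: defaultdict(int))
    for pw in corpus:
        prev = START
        for ch in pw + END:
            counts[prev][ch] += 1
            prev = ch
    return counts

def log2_prob(model, pw, alpha=0.01):
    """Chain rule: log2 P(pw) = sum of log2 P(c_i | c_{i-1}), smoothed."""
    total, prev = 0.0, START
    for ch in pw + END:
        row = model.get(prev, {})
        seen = sum(row.values())
        p = (row.get(ch, 0) + alpha) / (seen + alpha * (ALPHABET + 1))
        total += math.log2(p)
        prev = ch
    return total

def surprisal_bits(model, pw):
    """Higher means less probable under the model, so harder to guess."""
    return -log2_prob(model, pw)

def passes_composition_policy(pw):
    """Typical rule-based check: length 8+, lower, upper, digit, symbol."""
    return (len(pw) >= 8 and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))

MODEL = train(TRAIN)

if __name__ == "__main__":
    for candidate in ["Password1!", "k#9Tq_vR2x"]:  # constructed inputs
        print(candidate, passes_composition_policy(candidate),
              round(surprisal_bits(MODEL, candidate), 1))
```

Both candidates pass the rule-based policy, but only the model's score separates the predictable one from the random one.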
PassGPT Can Guess Non-English Passwords As Well
PassGPT can learn patterns across multiple languages, whereas dictionary-based heuristics have difficulty guessing passwords written in non-English languages.
“Non-English passwords are hard for dictionary-based heuristics, yet PassGPT learns patterns across multiple languages,” Rando explained.
We reveal patterns that have high probabilities under PassGPT, but are considered strong by state-of-the-art password strength estimators.
For example, non-English passwords are hard for dictionary-based heuristics, yet PassGPT learns patterns across multiple languages.
— Javi Rando (@javi_rando) June 6, 2023
The model also proved its ability to guess new passwords that are not part of its dataset.
PassGPT’s creation is proof that the use of AI models is becoming increasingly prevalent across a range of industries.
As reported, David Rozado, a data scientist based in New Zealand, has created an AI model called RightWingGPT, which promotes conservative views, supporting gun ownership while opposing taxes.
He also announced plans to create additional models, including LeftWingGPT, which will reflect more liberal perspectives, and DepolarizingGPT, which aims to take a “depolarizing” political position.