Chunk-level Password Strength Meter

1. Chunk-level Password Strength Meter based on CKL_PCFG

Introduction

CKL_PSM is a new password strength meter based on the chunk-level PCFG model (CKL_PCFG). Additionaly, CKL_PCFG employs BPE segmentation algorithm to segment passwords first, then apply the segmented passwords as a novel template to build the CKL_PCFG model. Overall, CKL_PCFG achieves state-of-the-art results on various password guessing scenarios. This CKL_PSM can remind users of vulnerable strings in a password.

For a detailed description or technical details and experimental results, please refer to our paper: Chunk-level Password Guessing: Towards Modeling Refined Password Composition Representations.

1.1 Requirements

• Python3.6 or Python3.8
• Node14.17 and yarn1.22
• Ubuntu20.04 or Windows 10

1.2 Application startup

1.2.1 Back end

cd backend
pip3 install -r requirements
python3 pcfg_server.py  # The default ip:port is <device local ip>:3001, and it MUSE BE <device local ip>:3001

1.2.2 Front end

cd frontend
yarn install
python3 ipconfig.py  # it is the same as: echo <device local ip> > ./src/ip.json
yarn build
yarn global add serve
~/.yarn/bin/serve build  # It will automatically choose a port

1.3 Preview

2. Chunk level PCFG Library (Interface)

Introduction

We also offer a CKL_PCFG library for password strength query. We hope that we can provide an interface for developers to conveniently intergrate into current password managers (e.g., LastPass, Dashlane, 1Password).

2.1 How to build

cd backend
# Install ckl_psm to current python environment
python setup.py install

or install by pip

pip install ckl-psm

2.2 How to use

# Import ckl_psm and make sure you have installed the library
from ckl_psm import ckl_pcfg as psm

# Strength query for given password
result = psm.check_pwd("123456")

# The result is consist of four parts:
print(
    result["guess_number"],
    result["segments"],
    result["chunks"],
    result["prob"]
)

3. Memory pattern recognization code (supplementary)

Introduction

The folder "pattern_recognization" contains scripts that we use to recognize memory pattern in chunks and passwords. We focus on four type patterns in our paper: leet pattern, syllable pattern, keyboard pattern and date pattern. Input the password list and the scripts will output the passwords which meet the specific pattern. Here are details:

pattern_recognization/
├── leet.py         // Leet transformation rule detector. 
└── syllable.py         // Syllable pattern detector(include English syllable words and Chinese Pinyins).
├── kbd.py          // Detect keyboard patterns in chunks. 
├── date.py         // Date pattern recognization for chunks.