How fast can an AI crack a password? A new study demonstrates the potential of PassGAN.
Artificial intelligence is a very powerful tool that, unfortunately, can quickly fall into the wrong hands. Despite Google’s reassurances about the effectiveness of machine learning and AI against scammers using similar systems for malicious purposes, a study recently published by cybersecurity company Home Security Heroes reveals an alarming detail: An AI can crack a password in less than a minute, depending on its complexity.
How AIs crack passwords
The analysis conducted by HSH used the PassGAN generator, which is based on a Generative Adversarial Network (GAN) and uses it to learn from passwords leaked online and generate other alphanumeric strings of the kind people use to protect their accounts. In short, it is a machine learning model that continuously improves its construction of effective passwords, using real data to generate false data.
For this test, Home Security Heroes provided PassGAN with 15,680,000 common passwords from the RockYou dataset. Once the model was trained, the company excluded passwords shorter than 4 characters and longer than 18 characters, then asked the AI to crack other sets.
The result? PassGAN cracked 51% of common passwords in less than a minute, reaching a maximum of 81% in less than a month. Cracking a seven-character password containing uppercase letters, lowercase letters, symbols and numbers took an average of just under six minutes. Combining these character types is nevertheless very effective: with eleven characters, the time needed to crack the password rises to 38 years.
Be careful, however, about using eight characters or fewer, even complex and random ones: in that case, the maximum time is just 7 hours. Finally, the simplest password that should make you feel safe is a plain sequence of 14 uppercase and lowercase characters: in that case, an AI should take about 827,000 years to crack it.
Home Security Heroes therefore recommends creating a string with a strong pattern, combining at least two uppercase and lowercase letters with numbers and symbols.