Tatlı, Emin İslam10.07.20192019-07-1010.07.20192019-07-102015Tatlı, E. İ. (2015). Cracking more password hashes with patterns. IEEE Transactions on Information Forensics and Security, 10(8), 1656-1665. https://dx.doi.org/10.1109/TIFS.2015.24222591556-60131556-6021https://dx.doi.org/10.1109/TIFS.2015.2422259https://hdl.handle.net/20.500.12511/2667WOS: 000359984600009It is a common mistake of application developers to store user passwords within databases as plaintext or only as their unsalted hash values. Many real-life successful hacking attempts that enabled attackers to get unauthorized access to sensitive database entries including user passwords have been experienced in the past. Seizing password hashes, attackers perform brute-force, dictionary, or rainbow-table attacks to reveal plaintext passwords from their hashes. Dictionary attacks are very fast for cracking hashes but their success rate is not sufficient. In this paper, we propose a novel method for improving dictionary attacks. Our method exploits several password patterns that are commonly preferred by users when trying to choose a complex and strong password. In order to analyze and show success rates of our developed method, we performed cracking tests on real-life leaked password hashes using both a traditional dictionary and our pattern-based dictionary. We observed that our pattern-based method is superior for cracking password hashes.eninfo:eu-repo/semantics/embargoedAccessPassword SecurityAuthenticationData SecurityDictionary AttacksHash CrackingArticle1081656166510.1109/TIFS.2015.2422259Q1Q1