Abstract:
The Monte Carlo strength evaluation is widely used in password security research. This method requires the password guessing model to assign a unique guess number to each password when evaluating the number of password guesses. However, the subword (a combination of one or more characters) level password guessing model that appeared in recent years assigns each password one or more guess numbers, leading to the decreased accuracy. To overcome the problem, the optimization of the Monte Carlo strength evaluation for subword-level password guessing models are designed and implemented. The optimization significantly improves the accuracy. For example, under 1011 guesses, the relative error is reduced by 98.73%~99.15%.