Skip to Main content Skip to Navigation
Conference papers

OMEN: Faster Password Guessing Using an Ordered Markov Enumerator

Markus Duermuth 1 Fabian Angelstorf 1 Claude Castelluccia 2 Daniele Perito 2 Abdelberi Chaabane 2
2 PRIVATICS - Privacy Models, Architectures and Tools for the Information Society
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services
Abstract : Passwords are widely used for user authentication, and will likely remain in use in the foreseeable future, despite several weaknesses. One important weakness is that human-generated passwords are far from being random, which makes them susceptible to guessing attacks. Under-standing the adversaries capabilities for guessing attacks is a fundamental necessity for estimating their impact and advising countermeasures. This paper presents OMEN, a new Markov model-based password cracker that extends ideas proposed by Narayanan and Shmatikov (CCS 2005). The main novelty of our tool is that it generates password candidates according to their occurrence probabilities, i.e., it outputs most likely passwords first. As shown by our extensive experiments, OMEN signifi-cantly improves guessing speed over existing proposals. In particular, we compare the performance of OMEN with the Markov mode of John the Ripper, which implements the password indexing func-tion by Narayanan and Shmatikov. OMEN guesses more than 40% of passwords correctly with the first 90 million guesses, while JtR-Markov (for T = 1 billion) needs at least eight times as many guesses to reach the same goal, and OMEN guesses more than 80% of passwords correctly at 10 billion guesses, more than all probabilistic password crackers we compared against.
Document type :
Conference papers
Complete list of metadatas

Cited literature [20 references]  Display  Hide  Download
Contributor : Claude Castelluccia <>
Submitted on : Monday, February 2, 2015 - 12:01:59 PM
Last modification on : Tuesday, November 19, 2019 - 12:22:14 PM
Document(s) archivé(s) le : Sunday, May 3, 2015 - 10:35:20 AM


Files produced by the author(s)


  • HAL Id : hal-01112124, version 1



Markus Duermuth, Fabian Angelstorf, Claude Castelluccia, Daniele Perito, Abdelberi Chaabane. OMEN: Faster Password Guessing Using an Ordered Markov Enumerator. International Symposium on Engineering Secure Software and Systems, Mar 2015, milan, Italy. ⟨hal-01112124⟩



Record views


Files downloads