A Novel Hybrid Algorithm Based on Word and Method Ranking for Password Security

  • Received : 2023.03.05
  • Published : 2023.03.30


It is a common practice to use a password in order to restrict access to information, or in a general sense, to assets. Right selection of the password is necessary for protecting the assets more effectively. Password finding/cracking try outs are performed for deciding which level of protection do used or prospective passwords offer, and password cracking algorithms are generated. These algorithms are becoming more intelligent and succeed in finding more number of passwords in less tries and in a shorter duration. In this study, the performances of possible password finding algorithms are measured, and a hybrid algorithm based on the performances of different password cracking algorithms is generated, and it is demonstrated that the performance of the hybrid algorithm is superior to the base algorithms.



  1. Samonas, S. and D. Coss, THE CIA STRIKES BACK: REDEFINING CONFIDENTIALITY, INTEGRITY AND AVAILABILITY IN SECURITY. Journal of Information System Security, 2014. 10(3).
  2. Harris, S., CISSP All-in-One Exam Guide, 6th Edition. 2012: McGraw-Hill Osborne Media. 1456.
  3. The 2012 Data Breach Investigations Report - VerizonBusiness. 2013 2020/04/22/; Available from:
  4. Cost of a Data Breach Report 2020 | IBM. 2020 2020/08/18/; Available from:
  5. Swinhoe, D. The 15 biggest data breaches of the 21st century. CSO Online 2020 2020/04/17/; Available from:
  6. Top 10 Largest Data Breaches. 2020 2020/04/22/; Available from:
  7. Kiesnoski, K. 5 of the biggest data breaches ever. CNBC 2019 2020/08/22/; Available from:
  8. Adobe Breach Impacted At Least 38 Million Users - Krebs on Security. 2020 2020/08/22/; Available from:
  9. Scott, C. Protecting Our Members. 2020 2020/08/22/; Available from:
  10. Sanger, D.E., et al. Marriott Data Breach Is Traced to Chinese Hackers as U.S. Readies Crackdown on Beijing. N.Y. Times 2018 2020/08/22/; Available from:
  11. Newcomer, E. Uber Paid Hackers to Delete Stolen Data on 57 Million People. Bloomberg 2017 2020/08/22/; Available from:
  12. McMillan, R. FriendFinder Investigates Report of Breached Accounts. WSJ 2016 2020/08/22/; Available from:
  13. Swinhoe, D. The 15 worst data security breaches of the 21st Century - CSO Online - Security and Risk. 2012 2020/08/22/; Available from:
  14. Adee, S., The Hunt For The Kill Switch. Spectrum, IEEE, 2008. 45(5): p. 34-39.
  15. Metz, C., AAA protocols: authentication, authorization, and accounting for the Internet. IEEE Internet Computing, 1999. 3(6): p. 75-79.
  16. Paolini, A., et al., Authentication, Authorization, and Accounting, in Towards Interoperable Research Infrastructures for Environmental and Earth Sciences. 2020, Springer. p. 247-271.
  17. Aloul, F., S. Zahidi, and W. El-Hajj. Two factor authentication using mobile phones. in 2009 IEEE/ACS International Conference on Computer Systems and Applications. 2009. IEEE.
  18. El Emam, K., K. Moreau, and E. Jonker, How Strong are Passwords Used to Protect Personal Health Information in Clinical Trials? Journal of Medical Internet Research, 2011. 13(1): p. 13-22.
  19. Bonneau, J. and Ieee, The science of guessing: analyzing an anonymized corpus of 70 million passwords, in 2012 Ieee Symposium on Security and Privacy. 2012, Ieee: New York. p. 538-552.
  20. McClure, S., et al., Hacking exposed: network security secrets and solutions. 2009: McGraw-Hill.
  21. Bursztein, E., M. Martin, and J. Mitchell. Text-based CAPTCHA strengths and weaknesses. in Proceedings of the 18th ACM conference on Computer and communications security. 2011.
  22. Ducloyer, S., et al. Hardware implementation of a multi-mode hash architecture for MD5, SHA-1 and SHA-2. in Proceedings on the Design and Architectures for Signal and Image Processing Workshop (DASIP'07). 2007. Citeseer.
  23. Easttom, W., II, Computer Security Fundamentals (2nd Edition). 2011: Pearson IT Certification. 352.
  24. Kalenderi, M., et al. Breaking the GSM A5/1 cryptography algorithm with rainbow tables and high-end FPGAS. in 22nd International conference on field programmable logic and applications (FPL). 2012. IEEE.
  25. Theocharoulis, K., I. Papaefstathiou, and C. Manifavas. Implementing rainbow tables in high-end fpgas for super-fast password cracking. in 2010 International Conference on Field Programmable Logic and Applications. 2010. IEEE.
  26. Kumar, H., et al. Rainbow table to crack password using MD5 hashing algorithm. in 2013 IEEE Conference on Information & Communication Technologies. 2013. IEEE.
  27. Chou, H.C., et al., PASSWORD CRACKING BASED ON SPECIAL KEYBOARD PATTERNS. International Journal of Innovative Computing Information and Control, 2012. 8(1A): p. 387-402.
  28. Schweitzer, D., et al., Visualizing keyboard pattern passwords. Information Visualization, 2011. 10(2): p. 127-133.
  29. Weir, M., et al. Password cracking using probabilistic context-free grammars. in 2009 30th IEEE Symposium on Security and Privacy. 2009. IEEE.
  30. John the Ripper password cracker. 2020 2020/08/22/; Available from:
  31. Narayanan, A. and V. Shmatikov, Fast dictionary attacks on passwords using time-space tradeoff, in Proceedings of the 12th ACM conference on Computer and communications security. 2005, ACM: Alexandria, VA, USA. p. 364-372.
  32. Marechal, S., Advances in password cracking. Journal in Computer Virology, 2008. 4(1): p. 73-81.