Multi-Armed Bandit Approach to Password Guessing


Hazel Murray and David Malone, Maynooth University


The multi-armed bandit is a mathematical interpretation of the problem a gambler faces when confronted with a number of different machines (bandits). The gambler wants to explore different machines to discover which machine offers the best rewards, but simultaneously wants to exploit the most profitable machine. A password guesser is faced with a similar dilemma. They have lists of leaked password sets, dictionaries of words, and demographic information about the users, but they do not know which dictionary will reap the best rewards. In this paper, we provide a framework for using the multi-armed bandit problem in the context of the password guesser and use some examples to show that it can be effective.

    author = {Murray, Hazel and Malone, David},
    title = {{Multi-Armed Bandit Approach to Password Guessing}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2020},
    series = {WAY~'20},
    pages = {1--6},
    address = {Virtual Conference},
    month = aug,
    publisher = {}
} % No publisher