{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T14:48:15Z","timestamp":1775746095414,"version":"3.50.1"},"publisher-location":"Cham","reference-count":54,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031514814","type":"print"},{"value":"9783031514821","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-51482-1_9","type":"book-chapter","created":{"date-parts":[[2024,1,10]],"date-time":"2024-01-10T06:02:47Z","timestamp":1704866567000},"page":"164-183","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":23,"title":["PassGPT: Password Modeling and (Guided) Generation with Large Language Models"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2723-7660","authenticated-orcid":false,"given":"Javier","family":"Rando","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8996-5076","authenticated-orcid":false,"given":"Fernando","family":"Perez-Cruz","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5925-3027","authenticated-orcid":false,"given":"Briland","family":"Hitaj","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,1,11]]},"reference":[{"key":"9_CR1","unstructured":"Hashcat: Advanced password recovery. https:\/\/hashcat.net\/hashcat\/"},{"key":"9_CR2","unstructured":"Hashcat: Advanced password recovery - Attacks Wiki. https:\/\/hashcat.net\/wiki\/"},{"key":"9_CR3","unstructured":"Hashcat: Advanced password recovery - Mask attack. https:\/\/hashcat.net\/wiki\/doku.php?id=mask_attack"},{"key":"9_CR4","unstructured":"Hashcat: Advanced password recovery - Rule-based attack. https:\/\/hashcat.net\/wiki\/doku.php?id=rule_based_attack"},{"key":"9_CR5","unstructured":"Hashcat: Advanced password recovery - Slow candidates mode. https:\/\/github.com\/hashcat\/hashcat\/blob\/master\/docs\/slow-candidates-mode.md"},{"key":"9_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"218","DOI":"10.1007\/978-3-319-10879-7_13","volume-title":"Security and Cryptography for Networks","author":"DV Bailey","year":"2014","unstructured":"Bailey, D.V., D\u00fcrmuth, M., Paar, C.: Statistics on password re-use and adaptive strength for financial accounts. In: Abdalla, M., De Prisco, R. (eds.) SCN 2014. LNCS, vol. 8642, pp. 218\u2013235. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-10879-7_13"},{"key":"9_CR7","doi-asserted-by":"crossref","unstructured":"Blocki, J., Harsha, B., Zhou, S.: On the economics of offline password cracking. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 853\u2013871. IEEE (2018)","DOI":"10.1109\/SP.2018.00009"},{"key":"9_CR8","doi-asserted-by":"publisher","first-page":"7327","DOI":"10.1109\/TPAMI.2021.3116668","volume":"44","author":"S Bond-Taylor","year":"2021","unstructured":"Bond-Taylor, S., Leach, A., Long, Y., Willcocks, C.G.: Deep generative modelling: a comparative review of vaes, gans, normalizing flows, energy-based and autoregressive models. IEEE Trans. Pattern Anal. Mach. Intell. 44, 7327\u20137347 (2021)","journal-title":"IEEE Trans. Pattern Anal. Mach. Intell."},{"key":"9_CR9","first-page":"1877","volume":"33","author":"T Brown","year":"2020","unstructured":"Brown, T., et al.: Language models are few-shot learners. Adv. Neural. Inf. Process. Syst. 33, 1877\u20131901 (2020)","journal-title":"Adv. Neural. Inf. Process. Syst."},{"key":"9_CR10","doi-asserted-by":"crossref","unstructured":"de\u00a0Carn\u00e9\u00a0de Carnavalet, X., Mannan, M.: From very weak to very strong: analyzing password-strength meters. In: Network and Distributed System Security Symposium (NDSS 2014). Internet Society (2014)","DOI":"10.14722\/ndss.2014.23268"},{"issue":"1","key":"9_CR11","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2739044","volume":"18","author":"XDCD Carnavalet","year":"2015","unstructured":"Carnavalet, X.D.C.D., Mannan, M.: A large-scale evaluation of high-impact password strength meters. ACM Trans. Inf. Syst. Secur. (TISSEC) 18(1), 1\u201332 (2015)","journal-title":"ACM Trans. Inf. Syst. Secur. (TISSEC)"},{"key":"9_CR12","unstructured":"Castelluccia, C., D\u00fcrmuth, M., Perito, D.: Adaptive password-strength meters from markov models. In: NDSS (2012)"},{"key":"9_CR13","unstructured":"Chowdhery, A., et\u00a0al.: Palm: scaling language modeling with pathways. arXiv preprint arXiv:2204.02311 (2022)"},{"issue":"4","key":"9_CR14","doi-asserted-by":"publisher","first-page":"327","DOI":"10.1109\/TDSC.2006.53","volume":"3","author":"A Ciaramella","year":"2006","unstructured":"Ciaramella, A., D\u2019Arco, P., De Santis, A., Galdi, C., Tagliaferri, R.: Neural network techniques for proactive password checking. IEEE Trans. Depend. Secure Comput. 3(4), 327\u2013339 (2006)","journal-title":"IEEE Trans. Depend. Secure Comput."},{"key":"9_CR15","doi-asserted-by":"crossref","unstructured":"Das, A., Bonneau, J., Caesar, M., Borisov, N., Wang, X.: The tangled web of password reuse. In: NDSS, vol. 14, pp. 23\u201326 (2014)","DOI":"10.14722\/ndss.2014.23357"},{"key":"9_CR16","doi-asserted-by":"crossref","unstructured":"Dell\u2019Amico, M., Michiardi, P., Roudier, Y.: Password strength: an empirical analysis. In: 2010 Proceedings IEEE INFOCOM, pp. 1\u20139. IEEE (2010)","DOI":"10.1109\/INFCOM.2010.5461951"},{"key":"9_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1007\/978-3-319-15618-7_10","volume-title":"Engineering Secure Software and Systems","author":"M D\u00fcrmuth","year":"2015","unstructured":"D\u00fcrmuth, M., Angelstorf, F., Castelluccia, C., Perito, D., Chaabane, A.: OMEN: faster password guessing using an ordered markov enumerator. In: Piessens, F., Caballero, J., Bielova, N. (eds.) ESSoS 2015. LNCS, vol. 8978, pp. 119\u2013132. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-15618-7_10"},{"key":"9_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1007\/0-387-34805-0_6","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 89 Proceedings","author":"DC Feldmeier","year":"1990","unstructured":"Feldmeier, D.C., Karn, P.R.: UNIX password security - ten years later. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 44\u201363. Springer, New York (1990). https:\/\/doi.org\/10.1007\/0-387-34805-0_6"},{"key":"9_CR19","doi-asserted-by":"crossref","unstructured":"Golla, M., Beuscher, B., D\u00fcrmuth, M.: On the security of cracking-resistant password vaults. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications security, pp. 1230\u20131241 (2016)","DOI":"10.1145\/2976749.2978416"},{"key":"9_CR20","doi-asserted-by":"crossref","unstructured":"Golla, M., D\u00fcrmuth, M.: On the accuracy of password strength meters. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1567\u20131582 (2018)","DOI":"10.1145\/3243734.3243769"},{"key":"9_CR21","unstructured":"Goodfellow, I., et al.: Generative adversarial nets. In: Advances in Neural Information Processing Systems, vol. 27. Curran Associates, Inc. (2014). https:\/\/proceedings.neurips.cc\/paper\/2014\/file\/5ca3e9b122f61f8f06494c97b1afccf3-Paper.pdf"},{"key":"9_CR22","unstructured":"Greenbag, A.: Hackers are passing around a megaleak of 2.2 billion records (2019). https:\/\/www.wired.com\/story\/collection-leak-usernames-passwords-billions\/"},{"key":"9_CR23","unstructured":"Gulrajani, I., Ahmed, F., Arjovsky, M., Dumoulin, V., Courville, A.C.: Improved training of wasserstein gans. Adv. Neural Info. Process. Syst. 30 (2017)"},{"key":"9_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"217","DOI":"10.1007\/978-3-030-21568-2_11","volume-title":"Applied Cryptography and Network Security","author":"B Hitaj","year":"2019","unstructured":"Hitaj, B., Gasti, P., Ateniese, G., Perez-Cruz, F.: PassGAN: a deep learning approach for password guessing. In: Deng, R.H., Gauthier-Uma\u00f1a, V., Ochoa, M., Yung, M. (eds.) ACNS 2019. LNCS, vol. 11464, pp. 217\u2013237. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-21568-2_11"},{"key":"9_CR25","unstructured":"Melicher, W., Ur, B., Segreti, S.M., Komanduri, S., Bauer, L., Christin, N., Cranor, L.F.: Fast, lean, and accurate: modeling password guessability using neural networks. In: 25th USENIX Security Symposium (USENIX Security 16), pp. 175\u2013191 (2016)"},{"issue":"11","key":"9_CR26","doi-asserted-by":"publisher","first-page":"594","DOI":"10.1145\/359168.359172","volume":"22","author":"R Morris","year":"1979","unstructured":"Morris, R., Thompson, K.: Password security: a case history. Commun. ACM 22(11), 594\u2013597 (1979)","journal-title":"Commun. ACM"},{"key":"9_CR27","doi-asserted-by":"crossref","unstructured":"Narayanan, A., Shmatikov, V.: Fast dictionary attacks on passwords using time-space tradeoff. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 364\u2013372 (2005)","DOI":"10.1145\/1102120.1102168"},{"key":"9_CR28","unstructured":"OpenAI: Chatgpt: Optimizing language models for dialogue (2022). https:\/\/openai.com\/blog\/chatgpt\/"},{"key":"9_CR29","unstructured":"Openwall: John the ripper markov generator. https:\/\/openwall.info\/wiki\/john\/markov"},{"key":"9_CR30","unstructured":"Openwall: John the ripper password cracker. https:\/\/www.openwall.com\/john\/"},{"key":"9_CR31","doi-asserted-by":"crossref","unstructured":"Pagnotta, G., Hitaj, D., De\u00a0Gaspari, F., Mancini, L.V.: PassFlow: Guessing passwords with generative flows. In: 2022 52nd Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). pp. 251\u2013262. IEEE (2022)","DOI":"10.1109\/DSN53405.2022.00035"},{"key":"9_CR32","doi-asserted-by":"crossref","unstructured":"Pal, B., Daniel, T., Chatterjee, R., Ristenpart, T.: Beyond credential stuffing: password similarity models using neural networks. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 417\u2013434. IEEE (2019)","DOI":"10.1109\/SP.2019.00056"},{"key":"9_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"502","DOI":"10.1007\/978-3-030-58951-6_25","volume-title":"Computer Security \u2013 ESORICS 2020","author":"D Pasquini","year":"2020","unstructured":"Pasquini, D., Ateniese, G., Bernaschi, M.: Interpretable probabilistic password strength meters via deep learning. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds.) ESORICS 2020. LNCS, vol. 12308, pp. 502\u2013522. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-58951-6_25"},{"key":"9_CR34","unstructured":"Pasquini, D., Cianfriglia, M., Ateniese, G., Bernaschi, M.: Reducing bias in modeling real-world password strength via deep learning and dynamic dictionaries. In: 30th USENIX Security Symposium (USENIX Security 21), pp. 821\u2013838 (2021)"},{"key":"9_CR35","doi-asserted-by":"crossref","unstructured":"Pasquini, D., Gangwal, A., Ateniese, G., Bernaschi, M., Conti, M.: Improving password guessing via representation learning. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 1382\u20131399. IEEE (2021)","DOI":"10.1109\/SP40001.2021.00016"},{"key":"9_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"264","DOI":"10.1007\/978-3-642-14081-5_17","volume-title":"Information Security and Privacy","author":"KG Paterson","year":"2010","unstructured":"Paterson, K.G., Stebila, D.: One-time-password-authenticated key exchange. In: Steinfeld, R., Hawkes, P. (eds.) ACISP 2010. LNCS, vol. 6168, pp. 264\u2013281. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-14081-5_17"},{"key":"9_CR37","unstructured":"Radford, A., Narasimhan, K., Salimans, T., Sutskever, I., et\u00a0al.: Improving language understanding by generative pre-training (2018)"},{"issue":"8","key":"9_CR38","first-page":"9","volume":"1","author":"A Radford","year":"2019","unstructured":"Radford, A., Wu, J., Child, R., Luan, D., Amodei, D., Sutskever, I., et al.: Language models are unsupervised multitask learners. OpenAI blog 1(8), 9 (2019)","journal-title":"OpenAI blog"},{"key":"9_CR39","doi-asserted-by":"crossref","unstructured":"Rumelhart, D.E., Hinton, G.E., Williams, R.J.: Learning internal representations by error propagation. California Univ San Diego La Jolla Inst for Cognitive Science, Technical report (1985)","DOI":"10.21236\/ADA164453"},{"key":"9_CR40","unstructured":"Sutskever, I., Vinyals, O., Le, Q.V.: Sequence to sequence learning with neural networks. Adv. Neural Inf. Process. Syst. 27 (2014)"},{"key":"9_CR41","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-93158-2","volume-title":"Deep Generative Modeling","author":"JM Tomczak","year":"2022","unstructured":"Tomczak, J.M.: Deep Generative Modeling. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-030-93158-2"},{"key":"9_CR42","unstructured":"Touvron, H., et\u00a0al.: Llama: open and efficient foundation language models. arXiv preprint arXiv:2302.13971 (2023)"},{"key":"9_CR43","unstructured":"Ur, B., et\u00a0al.: How does your password measure up? the effect of strength meters on password creation. In: USENIX Security Symposium, pp. 65\u201380 (2012)"},{"key":"9_CR44","unstructured":"Vaswani, A., et al.: Attention is all you need. Adv. Neural Inf. Process. Syst. 30 (2017)"},{"key":"9_CR45","doi-asserted-by":"publisher","DOI":"10.1007\/b138151","volume-title":"Biometric Systems: Technology, Design and Performance Evaluation","author":"JL Wayman","year":"2005","unstructured":"Wayman, J.L., Jain, A.K., Maltoni, D., Maio, D.: Biometric Systems: Technology, Design and Performance Evaluation. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/b138151"},{"key":"9_CR46","doi-asserted-by":"crossref","unstructured":"Weir, M., Aggarwal, S., De\u00a0Medeiros, B., Glodek, B.: Password cracking using probabilistic context-free grammars. In: 2009 30th IEEE Symposium on Security and Privacy, pp. 391\u2013405. IEEE (2009)","DOI":"10.1109\/SP.2009.8"},{"key":"9_CR47","unstructured":"Wheeler, D.L.: zxcvbn: low-budget password strength estimation. In: USENIX Security Symposium, pp. 157\u2013173 (2016)"},{"key":"9_CR48","unstructured":"Whitney, L.: Billions of passwords leaked online from past data breaches (2021). https:\/\/www.techrepublic.com\/article\/billions-of-passwords-leaked-online-from-past-data-breaches\/"},{"key":"9_CR49","unstructured":"Wikipedia: 2012 linkedin hack (2023). https:\/\/en.wikipedia.org\/wiki\/2012_LinkedIn_hack. Accessed 21 Jan 2023"},{"key":"9_CR50","unstructured":"Wikipedia: Rockyou (2023). https:\/\/en.wikipedia.org\/wiki\/RockYou#Data_breach. Accessed 21 Jan 2023"},{"key":"9_CR51","unstructured":"WikiSkull: Password datasets (2023). https:\/\/wiki.skullsecurity.org\/index.php\/Passwords. Accessed 21 Jan 2023"},{"key":"9_CR52","unstructured":"Wolf, T., et al.: Transformers: state-of-the-art natural language processing. In: Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing: System Demonstrations, pp. 38\u201345. Association for Computational Linguistics (2020). https:\/\/www.aclweb.org\/anthology\/2020.emnlp-demos.6"},{"key":"9_CR53","doi-asserted-by":"crossref","unstructured":"Xu, M., Wang, C., Yu, J., Zhang, J., Zhang, K., Han, W.: Chunk-level password guessing: towards modeling refined password composition representations. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 5\u201320 (2021)","DOI":"10.1145\/3460120.3484743"},{"key":"9_CR54","unstructured":"Yu, J., et al.: Vector-quantized image modeling with improved vqgan. arXiv preprint arXiv:2110.04627 (2021)"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2023"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-51482-1_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,1,10]],"date-time":"2024-01-10T06:05:21Z","timestamp":1704866721000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-51482-1_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031514814","9783031514821"],"references-count":54,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-51482-1_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"11 January 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"The Hague","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"The Netherlands","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 September 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 September 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2023.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"478","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"93","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3-4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"10","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}