🚀 PassGPT
PassGPT is a causal language model trained on password leaks, aiming to contribute to password - related research in the field of cybersecurity.
🚀 Quick Start
PassGPT is a causal language model trained on password leaks. It was first introduced in this paper. This version of the model was trained on passwords from the RockYou leak, after filtering those that were at most 16 characters long. You can also access PassGPT trained on passwords up to 10 characters long, without restrictions here.
✨ Features
- Curated Model: This is a curated version of the model reported in the paper. Vocabulary size was reduced to the most meaningful characters and training was slightly optimized. Results are slightly better with these architectures.
- Inherited Architecture: The model inherits the GPT2LMHeadModel architecture and implements a custom BertTokenizer that encodes each character in a password as a single token, avoiding merges.
📦 Installation
No specific installation steps are provided in the original document, so this section is skipped.
💻 Usage Examples
Basic Usage
Passwords can be sampled from the model using the built - in generation methods provided by HuggingFace and using the "start of password token" as seed (i.e. <s>). This code can be used to generate one password with PassGPT. Note you may need to generate an [access token](https://huggingface.co/docs/hub/security - tokens) to authenticate your download.
from transformers import GPT2LMHeadModel
from transformers import RobertaTokenizerFast
tokenizer = RobertaTokenizerFast.from_pretrained("javirandor/passgpt-16characters",
use_auth_token="YOUR_ACCESS_TOKEN",
max_len=18,
padding="max_length",
truncation=True,
do_lower_case=False,
strip_accents=False,
mask_token="<mask>",
unk_token="<unk>",
pad_token="<pad>",
truncation_side="right")
model = GPT2LMHeadModel.from_pretrained("javirandor/passgpt-16characters", use_auth_token="YOUR_ACCESS_TOKEN").eval()
NUM_GENERATIONS = 1
g = model.generate(torch.tensor([[tokenizer.bos_token_id]]),
do_sample=True,
num_return_sequences=NUM_GENERATIONS,
max_length=18,
pad_token_id=tokenizer.pad_token_id,
bad_words_ids=[[tokenizer.bos_token_id]])
g = g[:, 1:]
decoded = tokenizer.batch_decode(g.tolist())
decoded_clean = [i.split("</s>")[0] for i in decoded]
print(decoded_clean)
Advanced Usage
You can find a more flexible script for sampling here.
📚 Documentation
Model description
The model inherits the GPT2LMHeadModel architecture and implements a custom BertTokenizer that encodes each character in a password as a single token, avoiding merges. It was trained from a random initialization, and the code for training can be found in the official repository.
Password Generation
Passwords can be sampled from the model using the built - in generation methods provided by HuggingFace and using the "start of password token" as seed (i.e. <s>).
Usage and License Notices
PassGPT is intended and licensed for research use only. The model and code are CC BY NC 4.0 (allowing only non - commercial use) and should not be used outside of research purposes. This model should never be used to attack real systems. Access will be granted upon request. Please, make sure to indicate the details and scope of your project.
Cite our work
@article{rando2023passgpt,
title={PassGPT: Password Modeling and (Guided) Generation with Large Language Models},
author={Rando, Javier and Perez - Cruz, Fernando and Hitaj, Briland},
journal={arXiv preprint arXiv:2306.01545},
year={2023}
}
Additional Information
| Property |
Details |
| Model Type |
Causal language model |
| Training Data |
Passwords from the RockYou leak (filtered passwords at most 16 characters long, also available for passwords up to 10 characters long) |
⚠️ Important Note
PassGPT is intended and licensed for research use only. The model and code are CC BY NC 4.0 (allowing only non - commercial use) and should not be used outside of research purposes. This model should never be used to attack real systems. Access will be granted upon request. Please, make sure to indicate the details and scope of your project.
💡 Usage Tip
You may need to generate an [access token](https://huggingface.co/docs/hub/security - tokens) to authenticate your download when using the model.
%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
