---
license: apache-2.0
language:
- en
metrics:
- accuracy
- precision
- f1
library_name: sklearn
---

---

## Use Cases

| Use Case | Description |
|----------------------------------|-------------|
| Password strength scoring | Quantitative scoring (0–10) for any given password |
| Risk classification | Categorizes passwords as `Weak`, `Fairly Strong`, `Strong` |
| Threat emulation | Emulates password cracking heuristics to spot vulnerable patterns |
| DevSecOps integration | Plug into CI/CD pipelines for password policy enforcement |
| User awareness tools | Build frontend UX tools to give users feedback on password creation |

---

# Trace.AI - AI-Powered Password Intelligence Engine

**Trace.AI** is an intelligent, ML-driven password checker designed to evaluate the **strength**, **structure**, and **policy compliance** of passwords.
Built for modern security infrastructures, it leverages machine learning to identify weak, predictable, or non-compliant passwords based on real-world patterns and security datasets.

---

## Core Capabilities

### Password Strength Classification

Trace.AI scores passwords as **Weak**, **Fairly Strong**, or **Strong** using a combination of rule-based feature extraction and machine learning.

### Pattern Recognition

Detects predictable and insecure patterns such as:

- Keyboard walks (`qwerty`, `asdf123`)
- Common substitutions (`p@ssw0rd`)
- Repeated sequences (`abcabc`, `123123`)
- Known dictionary or breached password similarities

### Policy Compliance

Checks if passwords meet enterprise-grade security policies, including:

- Minimum length and entropy
- Required character types (upper/lowercase, digit, special)
- No whitespace, dictionary words, or reuse

---

## Datasets Used

Trace.AI was trained using curated, high-quality password datasets:

| Dataset | Description |
|--------|-------------|
| **cleanpasswordlist(modified)** | Real-world password list, modified and feature-engineered for better prediction and scoring |

---

## Machine Learning Models

Trace.AI supports and evaluates multiple ML models for robustness:

| Model | Strengths | Use |
|-------|-----------|-----|
| **RandomForest** | Non-linear classification, interpretable, fast | Production baseline |
| **XGBoost** | Handles imbalance, high accuracy, fast inference | Advanced detection |
| **Decision Trees** | Lightweight, interpretable | Edge device / fallback model |

All models are trained using engineered features like:

- Length, character diversity
- Entropy
- Keyboard patterns
- Regex-based leetspeak and substitution scoring
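
A sketch of the kind of feature extraction listed above (length, character diversity, entropy, keyboard patterns, leetspeak scoring), run on the sample passwords from the Pattern Recognition section. This is an added example, not Trace.AI's own code; the function names, the US-QWERTY rows, the leetspeak map and the four-word list are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Assumptions for this sketch: US-QWERTY rows, a small leetspeak map and a
# constructed four-word list standing in for a dictionary or breach corpus.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
LEET_MAP = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                          "3": "e", "$": "s", "5": "s", "7": "t"})
COMMON_WORDS = {"password", "letmein", "welcome", "admin"}


def shannon_bits(pw):
    """Length times per-character Shannon entropy of the observed symbols.
    A frequency estimate only; it does not model attacker guessing order."""
    n = len(pw)
    return -sum(c * math.log2(c / n) for c in Counter(pw).values()) if n else 0.0


def longest_keyboard_walk(pw, min_run=3):
    """Longest substring (>= min_run) lying on one keyboard row, either direction."""
    s, best = pw.lower(), 0
    for i in range(len(s)):
        for j in range(i + min_run, len(s) + 1):
            chunk = s[i:j]
            if any(chunk in row or chunk in row[::-1] for row in KEYBOARD_ROWS):
                best = max(best, j - i)
    return best


def extract_features(pw):
    """Map one password to a feature row a tree-based classifier could consume."""
    normalized = pw.lower().translate(LEET_MAP)  # undo common substitutions
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return {
        "length": len(pw),
        "char_classes": sum(bool(re.search(c, pw)) for c in classes),
        "entropy_bits": round(shannon_bits(pw), 2),
        "keyboard_walk": longest_keyboard_walk(pw),
        "repeated_sequence": bool(re.search(r"(.{2,})\1", pw)),
        # characters that have a leetspeak mapping; read together with dictionary_hit
        "leet_chars": sum(a != b for a, b in zip(pw.lower(), normalized)),
        "dictionary_hit": any(w in normalized for w in COMMON_WORDS),
    }


if __name__ == "__main__":
    for sample in ("qwerty", "asdf123", "p@ssw0rd", "abcabc", "123123"):
        print(sample, extract_features(sample))
```

The resulting dictionaries can be stacked into a feature matrix for a scikit-learn classifier. `p@ssw0rd` shows why normalization matters: it covers three character classes yet still resolves to a dictionary word.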

---

## Project Goals

Trace.AI is engineered to support the following goals:

| Feature | Description |
|--------|-------------|
| Password Strength Estimator | Predict whether a password is Weak, Moderate, or Strong |
| Pattern Analyzer | Identify insecure sequences, leetspeak, keyboard walks |
| Policy Validator | Check adherence to defined password policies |
| Exportable Reports | Download prediction logs for security audits |
| Visual Dashboard | UI-based analysis of strength and structure (via Gradio) |

---