动态字典破解用户口令与安全口令选择  被引量:2

Password cracking using dynamic dictionary and password selection

在线阅读下载全文

作  者:张学旺[1,2] 孟磊 周印 Zhang Xuewang;Meng Lei;Zhou Yin(School of Software Engineering,Chongqing University of Posts&Telecommunications,Chongqing 400065,China;School of Microelectronics&Communication Engineering,Chongqing University,Chongqing 400044,China)

机构地区:[1]重庆邮电大学软件工程学院,重庆400065 [2]重庆大学微电子与通信工程学院,重庆400044

出  处:《计算机应用研究》2020年第4期1166-1169,共4页Application Research of Computers

基  金:国家自然科学基金项目(61571032);重庆市重点产业共性关键技术创新专项重大主题专项项目(cstc2017 zdcy-zdzxX0013);重庆市教委人文社会科学科研重点项目(18SKGH033)。

摘  要:口令认证一直是最主要的身份认证方式。考虑到口令要满足口令策略和易记忆的要求,用户常常会将个人信息组合起来作为口令。因此,为了调查此类口令的比例,以2011年泄露的四种真实口令集为实验素材,预先设定口令的组合结构和格式,使用程序统计使用个人信息组合作为口令的比例。实验结果表明,使用姓名、电话号码、特殊日期等信息组合而成的口令比例为12.41%~25.53%。根据这一规律,提出了动态字典攻击。攻击者可以在获得用户部分个人信息后,生成具有针对性的动态字词典,并以此来破解用户口令。最后,还讨论了如何选择口令以防止攻击者通过动态字典破解用户口令。Password has always been the one of the most important way for identity authentication.To meet the requirements of password policy and memory,users often combine personal information as their passwords,therefore,in order to investigate the proportion of such passwords.This paper used 4 real password sets leaked in 2011 as experimental materials,preset the combination structure and format of the password and used an application to calculate the proportion of the password combined by personal information.Experimental results show that the proportion of passwords combined with names,phone numbers,special dates and other information is about 12.41% to 25.53%.According to this rule,it proposed dynamic dictionary attack.An attacker can generate a dynamic dictionary and use it to crack the user password,after it obtains some of the user's personal information.At last,this paper discussed that users how to select their passwords to prevent an attacker from cracking their passwords through a dynamic dictionary.

关 键 词:口令安全 动态字典攻击 口令选择 组合口令 

分 类 号:TP309.2[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象