摘要
随着互联网各平台相继以形式化手段"禁止"设置弱口令,令不法分子暴力破解密码的难度再度升级。因各平台密码的要求并非统一,加剧了用户进行密码设置和记忆的难度;但若降低记忆难度,范用一个"健壮"密码,则会导致撞库风险的存在。本文从社会工程学的角度分析密码破解问题,进而分析目前密码设置所面临的风险和密码保管的困境。提出基于场景、树状结构、编码和扩散混淆的四种密码设置方法,并研究出一套自建密码设置模型和二次处理加记录的密码保管方法。
As various platforms on the Internet successively " forbid" setting weak passwords by formal means,the difficulty of violent cracking of passwords by criminals has once again escalated. Because the password requirements of each platform are not uniform,it makes it more difficult for users to set and remember passwords. However,if the difficulty of memory is reduced,using a " robust" password will lead to the risk of colliding with the library. Now we analyze the problem of password cracking from the perspective of social engineering,and then analyze the risks faced by the current password setting and the dilemma of password storage. Four password setting methods based on scene,tree structure,encoding and diffusion ambiguity are proposed,and a selfbuilt password setting model and a password storage method of secondary processing record are developed.
作者
张硕
吴瑕
ZHANG Shuo;WU Xia(School of Cyber Security and Information Law,Chongqing University of Posts and Telecommunications,Chongqing 400065,China)
出处
《智能计算机与应用》
2020年第10期59-64,70,共7页
Intelligent Computer and Applications
基金
重庆市社会科学规划项目(2014YBFX103)
重庆市渝北区法学会项目(E2018-88)
重庆市创业训练项目(S201910617048X)。
关键词
社会工程学
密码
暴力破解
Social engineering
Password
Brute force attacks
