一种针对暴力破解的安全口令保管库方案

A SECURE PASSWORD VAULTS SCHEME FOR BRUTE FORCE ATTACK

当前口令管理工具和Web认证系统普遍使用基于PBE标准的加密方式,但是此类方法难以阻止暴力破解技术恢复口令明文,不能保证口令的真正安全。针对此现象,提出一种基于口令云的口令保管库方案。该方案拆分口令信息,将口令管理与保护功能从系统中独立出来,分开存储口令库组成部分并隐藏了计算口令密码相关数据之间的关联。通过对服务器端口令保管库方案的安全性进行定量分析,认为该方案能够大大增强暴力破解验证环节的难度,有效规避口令库泄露后的安全风险。

Current password management tools and Web authentication systems commonly use PBE-based encryption, but such methods are difficult to prevent brute-force technology from recovering plaintext passwords and guaranteeing genuine security. In view of this phenomenon, this paper presents a password-based vault based on password cloud, The scheme splits the password information, isolates the password management and protection functions from the system, separately stores the components of the password library and hides the association between the relevant data when calculating the password. By analyzing the security of the vault scheme, it is considered that the scheme can greatly enhance the difficulty of the crack detection and avoid the security risk after the password database is leaked.