CN103873226B - Random obfuscation method for user passwords - Google Patents

Publication number
CN103873226B
Authority
CN
China
Legal status
Active
Application number
CN201410131558.3A
Other languages
Chinese (zh)
Other versions
CN103873226A (en)
Inventor
蔡淼
Current Assignee
Chengdu Xishanju Interactive Entertainment Technology Co Ltd
Original Assignee
Chengdu Xishanju Interactive Entertainment Technology Co Ltd

Abstract

The invention discloses a random obfuscation method for user passwords, comprising the following steps. Step 1: generate a rectangular area on the registration page to serve as the random obfuscation value collection area. Step 2: after setting an initial password, the user operates on the random obfuscation value collection area. Step 3: collect the user's operation data on the random obfuscation value collection area and generate a message digest of the random obfuscation data. Step 4: the server generates a random number. Step 5: obfuscate the initial password set by the user with the message digest of the random obfuscation data and the random number. The invention does not itself generate passwords; it only obfuscates the user's password so that the hash values stored on the server side are widely dispersed and cannot be reversed through MD5 databases. Even after the user database is compromised, the users' password information remains effectively hidden, ensuring the security of users and the website.

Description

Random obfuscation method for user passwords
Technical field
The present invention relates to the field of data processing, and in particular to a method for processing passwords in a user information database.
Background art
Internet and mobile Internet applications are developing rapidly, and a large amount of traditional business is being moved online. In daily life, for personal or work reasons, people register personal information on all kinds of websites and mobile applications, including private information such as identity card numbers, bank accounts, telephone numbers and addresses. Leakage of this information causes trouble in users' lives. More seriously, once a user's password on a shopping or transaction website is leaked, account balances may be stolen and order information altered, which causes great economic loss to the user and also to the website operator. In general, a password leak is caused by the user's own mishandling of how the password is stored or set. A leak of this kind harms the individual user but has little effect at the application or website level. Another kind of leak is caused by improper maintenance of the website's servers, for example an improper database access policy or a database password that is improperly set or stored. In this case, once an attacker steals the records of the user information table, the attacker can recover the website passwords of all users from the table's password field and log in as those users, causing great economic loss to users and the website operator.
Today, apart from a few companies with weak technical capability, websites have largely abandoned plaintext storage of user passwords and generally store a hash of the password, which hides the password to a certain level of security. The hash method mainly in use at present is MD5. However, with the establishment of MD5 databases on the Internet, this method has become less effective. Most users lack good habits and security awareness when setting a password: they often use a word or combination of words with natural-language meaning, or, in the more complicated cases, a combination of a word and a birthday. The hash of such a password is easily found in an MD5 database. After obtaining the user information table, an attacker only needs a simple MD5 reverse lookup to obtain the initial passwords of most users. Storing user passwords as direct, simple MD5 hashes therefore cannot meet the needs of password handling in today's complex network environment.
Some websites have effectively improved on this, for example by "salting" the user's initial password: when the website server stores the password, a random number is mixed into the user's initial password so that the password stored on the server becomes more complex. But the random salt generated on the website server side is produced by an automatic mechanism and is largely pseudo-random. Although it raises the security threshold, its randomness is still not strong enough, and the result of perturbing the hash value is not ideal.
Summary of the invention
To solve the above problems, the present invention provides a safer random obfuscation method for user passwords, in which the user takes part in generating the password salt. The generation mechanism spares the user any deliberate thought: the password salt is produced by unconscious behaviour and is then combined with the server-side password salt.
The random obfuscation method for user passwords of the present invention comprises the following steps:
Step 1: generate a rectangular area on the registration page to serve as the random obfuscation value collection area;
Step 2: after setting an initial password, the user operates on the random obfuscation value collection area;
Step 3: collect the user's operation data on the random obfuscation value collection area and generate a message digest of the random obfuscation data;
Step 4: the server generates a random number;
Step 5: obfuscate the initial password set by the user with the message digest of the random obfuscation data and the random number.
Preferably, the random obfuscation value collection area in step 1 is a rectangular area generated by JavaScript or Flash, and the rectangular area is a blank region.
Preferably, in step 2 the user's operation on the random obfuscation value collection area may be clicking or dragging.
Preferably, the message digest of the random obfuscation data in step 3 is obtained by performing an MD5 operation on the collected data of the user's click or drag operations on the random obfuscation value collection area.
Preferably, the random number in step 4 is a pseudo-random number generated by a pseudo-random number generator (PRNG).
Preferably, step 5 comprises the following process:
The message digest of the random obfuscation data and the random number are concatenated as strings, and an MD5 operation is then performed to obtain the final random obfuscation value;
The final random obfuscation value is stored as a field in the user data table;
The password field of the initial password set by the user is concatenated with the final random obfuscation value, and an MD5 operation is then performed to obtain the password check value, which is stored in the user information table.
Beneficial effects of the present invention: the invention does not itself generate passwords; it only obfuscates the user's password so that the hash values stored on the server side are widely dispersed and cannot be reversed through MD5 databases. Even after the user database is compromised, the users' password information remains effectively hidden, ensuring the security of users and the website.
Detailed description
The invention is further described below with reference to a specific embodiment.
The random obfuscation method for user passwords of the present invention comprises the following steps:
Step 1: generate a rectangular area on the registration page to serve as the random obfuscation value collection area;
Step 2: after setting an initial password, the user operates on the random obfuscation value collection area;
Step 3: collect the user's operation data on the random obfuscation value collection area and generate a message digest of the random obfuscation data;
Step 4: the server generates a random number;
Step 5: obfuscate the initial password set by the user with the message digest of the random obfuscation data and the random number.
The random obfuscation value collection area in step 1 is a rectangular area generated by JavaScript or Flash; the rectangular area is a blank region, and events such as mouse clicks and drags on it are monitored. In step 2, the user's operation on the random obfuscation value collection area may be clicking or dragging. The message digest of the random obfuscation data in step 3 is obtained by performing an MD5 operation on the collected data of the user's click or drag operations on the random obfuscation value collection area. The random number in step 4 is a pseudo-random number generated by a pseudo-random number generator (PRNG). Step 5 comprises the following process: the message digest of the random obfuscation data and the random number are concatenated as strings, and an MD5 operation is then performed to obtain the final random obfuscation value; the final random obfuscation value is stored as a field in the user data table; the password field of the initial password set by the user is concatenated with the final random obfuscation value, and an MD5 operation is then performed to obtain the password check value, which is stored in the user information table.
First, on the user registration page, the website provides the registration form and, through JavaScript or Flash, also provides the user with a rectangular area that serves as the random obfuscation value collection area. The rectangular area is a blank region with no pattern or text. Its purpose is to monitor the user's mouse click and drag events on it, which serve as the source of captured information for a random event;
After filling in the registration information and before submitting the registration, the user must generate a random obfuscation value. The front end asks the user to click and drag unconsciously on the random obfuscation value collection area; this is the user's random obfuscation behaviour. The behaviour ends after N seconds (or when the amount of information collected fills a character space; the specific end condition is determined by the implementer as needed). After the behaviour ends, the collection area has recorded the user's behaviour, and the character set produced by the behaviour is submitted to the server together with the user information form;
When processing the registration form, the server first generates a random number for this registration. The random number is produced by a random number generator and its length is variable. It is then concatenated as a string with the user's random information that was collected by the front-end collection area and submitted with the registration form, and an MD5 calculation is performed to obtain a hash value. This hash value serves as the final obfuscation value for the user's password;
The server concatenates the final obfuscation value with the user's password and performs an MD5 calculation again to obtain the final password check value;
Finally, the server saves the registration information from the form (except the user password), the final password check value and the final obfuscation value to the user information table, and the registration process ends.
When the user logs in, the server concatenates the password submitted by the user with the final obfuscation value in the user information table and performs an MD5 calculation. If the result matches the password check value recorded in the user information table, the current user is the real user and not an attacker.
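An added example, not part of the patent text: the registration and login computation described above, implemented in Python. The JSON serialization of the mouse events, the concatenation order, the use of `secrets` for the server random number and all function names are assumptions made here.

```python
import hashlib
import hmac
import json
import re
import secrets
from typing import Optional

HEX32 = re.compile(r"[0-9a-f]{32}")


def md5_hex(text: str) -> str:
    """MD5 over the UTF-8 bytes of a string, as lowercase hex."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def event_digest(events: list) -> str:
    """Step 3: message digest of the recorded click/drag data.

    Assumption: events are serialized as compact JSON before hashing; the
    patent only says the behaviour produces a "character set".
    """
    return md5_hex(json.dumps(events, separators=(",", ":")))


def register(password: str, digest: str, server_random: Optional[str] = None) -> dict:
    """Steps 4-5: build the two fields stored in the user information table."""
    # The digest is submitted with the form, so treat it as untrusted input.
    if not HEX32.fullmatch(digest):
        raise ValueError("event digest must be 32 lowercase hex characters")
    if server_random is None:
        # Assumption: a CSPRNG; the patent only requires a pseudo-random number.
        server_random = secrets.token_hex(16)
    # Assumption: concatenation order; the patent does not fix it.
    final_value = md5_hex(digest + server_random)
    check_value = md5_hex(password + final_value)
    return {"final_value": final_value, "check_value": check_value}


def verify(record: dict, submitted_password: str) -> bool:
    """Login: recompute the check value from the stored final obfuscation value."""
    candidate = md5_hex(submitted_password + record["final_value"])
    return hmac.compare_digest(candidate, record["check_value"])


# Constructed sample input: two users pick the same password but move the
# mouse differently over the collection area.
ALICE_EVENTS = [["click", 14, 92, 1031], ["drag", 15, 97, 1187], ["drag", 40, 120, 1260]]
BOB_EVENTS = [["click", 201, 33, 884], ["click", 77, 150, 1502]]

if __name__ == "__main__":
    alice = register("summer1990", event_digest(ALICE_EVENTS))
    bob = register("summer1990", event_digest(BOB_EVENTS))
    print(alice["check_value"] != bob["check_value"])  # same password, different rows
    print(verify(alice, "summer1990"), verify(alice, "summer1991"))
```

MD5 is a fast hash, so each per-user guess against a stolen row stays cheap. Replacing `md5_hex` in the last step with a deliberately slow function such as `hashlib.scrypt` keeps the same record layout.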
An attacker may still try to crack an individual user's password by exhaustively trying a password dictionary, but this can only be done one user at a time, and when combined with the existing login attempt limits and login verification codes, this attack is no longer effective. Furthermore, even if a hacker exfiltrates the website's user database, the users' original passwords still cannot be recovered. The method can very effectively protect the data security of Internet companies.
Those of ordinary skill in the art will appreciate that the embodiment described here is intended to help the reader understand the principle of the invention, and that the scope of protection of the invention is not limited to these particular statements and embodiments. Those of ordinary skill in the art can, based on the technical teachings disclosed by the invention, make various other specific variations and combinations that do not depart from the essence of the invention, and these variations and combinations remain within the scope of protection of the invention.

Claims (5)

1. A random obfuscation method for user passwords, characterized by comprising the following steps:
Step 1: generate a rectangular area on the registration page to serve as the random obfuscation value collection area;
Step 2: after setting an initial password, the user operates on the random obfuscation value collection area;
the user performs unconscious click and drag operations on the random obfuscation value collection area;
Step 3: collect the user's operation data on the random obfuscation value collection area and generate a message digest of the random obfuscation data;
Step 4: the server generates a random number;
Step 5: obfuscate the initial password set by the user with the message digest of the random obfuscation data and the random number.
2. The random obfuscation method for user passwords according to claim 1, characterized in that: the random obfuscation value collection area in step 1 is a rectangular area generated by JavaScript or Flash, and the rectangular area is a blank region.
3. The random obfuscation method for user passwords according to claim 1, characterized in that: the message digest of the random obfuscation data in step 3 is obtained by performing an MD5 operation on the collected data of the user's click or drag operations on the random obfuscation value collection area.
4. The random obfuscation method for user passwords according to claim 1, characterized in that: the random number in step 4 is a pseudo-random number generated by a pseudo-random number generator (PRNG).
5. The random obfuscation method for user passwords according to claim 1, characterized in that step 5 comprises the following process:
The message digest of the random obfuscation data and the random number are concatenated as strings, and an MD5 operation is then performed to obtain the final random obfuscation value;
The final random obfuscation value is stored as a field in the user data table;
The password field of the initial password set by the user is concatenated with the final random obfuscation value, and an MD5 operation is then performed to obtain the password check value, which is stored in the user data table.
CN201410131558.3A 2014-04-02 2014-04-02 Random obfuscation method for user passwords Active CN103873226B (en)

Publications (2)

Publication Number Publication Date
CN103873226A CN103873226A (en) 2014-06-18
CN103873226B true CN103873226B (en) 2017-03-29

Family

ID=50911377

Country Status (1)

Country Link
CN (1) CN103873226B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant