CN101025874A - Method for generating meaningless password using logical expression - Google Patents

Info

Publication number: CN101025874A
Authority: CN (China)
Application number: CN 200610008022
Inventor: 林岱宏
Original and current assignee: Ares International Corp
Priority and filing date: 2006-02-23
Publication date: 2007-08-29
Legal status: Pending (as listed)
Other languages: Chinese (zh)
Prior art keywords: password, sentence, user, function, input

Abstract

A method of generating a meaningless password from a logical (meaningful) sentence: a long sentence is used as the seed input to a pseudo-random function that produces the password. The sentence is chosen from text that is convenient to obtain or firmly held in personal memory, and is altered slightly before being used as the seed. The pseudo-random function is based on a one-way hash function. For example, the poem 'sunset depends on the mountain, Yellow River goes to the sea, if you want to see more faraway, please step on a higher level' can be input as the function seed. Users can also apply different settings, such as replacing 'Yellow River' with 'Yangtze River', or adding the date or the login name of the host, so that the function seed is harder to guess.

Description

Method for generating a meaningless password from a logical sentence
Technical field
The present invention relates to a method of generating meaningless passwords so as to increase computer system security, and in particular to a method of generating them from logical (meaningful) sentences so that an intruder or impersonator cannot obtain a user's account password.
Background technology
Any server on the Internet must expose the communication ports on which it provides service. Those exposed ports become targets of malicious attack, and a successful attack can result in user data being read without authorization, web pages being modified, or the server crashing.
Taking security measures against malicious attacks has therefore become a factor every networked system must consider. For decades, passwords have been the basic framework of authentication in information security. In general, a security principal (such as a user) must enter both a name and a password recognized by the system in order to obtain the right to use its resources. This combination of name and password is the account to which the system grants permissions.
Yet any authentication system that opens permissions on the basis of a user name and password alone is a target for would-be intruders. There are several ways to crack the accounts of a computer server. In general, the user name is the easiest part: it is usually known or readily obtained by unauthorized people; for instance, an e-mail address often serves as the account's user name. The password is then obtained mainly in three ways: guessing simple passwords, dictionary attack, and brute force, as described below.
Many people, for ease of memory, use their own or a family member's birthday, telephone number, room number, simple digits, or digits taken from an ID card number as the password; use the same password in every system; keep the factory default account and password; readily tell the password to others; hide a password memo under the mouse pad or stick it beside the screen; use "password" as the password; or set no password at all. All of these are easily guessed by an intruder.
Others use permutations and combinations of English words and Arabic numerals, or the name of a girlfriend, boyfriend, son or daughter. If simple guessing fails, the intruder therefore turns to a dictionary attack, using a program to try every word in a dictionary. A dictionary attack can work by repeated login attempts, or by collecting encrypted passwords and matching them against the encrypted forms of dictionary words. These malicious intruders usually crack on the basis of English or other-language dictionaries, and also use databases of various categories, for example databases of common names and passwords.
Brute-force guessing is similar to a dictionary attack: the intruder tries every possible combination of characters by force, using dedicated computers and programs. Because computers keep getting faster, a password made up of 4 lowercase letters can be cracked in a few minutes; a long password that includes digits, punctuation and upper- and lower-case letters has on the order of 10,000,000,000,000 possible combinations, and if the computer can try 1,000,000 combinations per second it can be cracked in about a month. Cracking software currently used to break into enterprise networks, however, claims to complete 8,000,000 test combinations per second.
The main reason impersonators can break in is therefore that the password is not secret enough and is easily guessed. One-time password (OTP) authentication has been developed to strengthen identity authentication and replace traditional password authentication. But this method, like other substitutes for or supplements to the password system (for example those based on software tokens, smart cards or digital signature certificates), is limited by high implementation cost and has not become universal.
At the same time, the security of different systems is inconsistent, yet most people, for convenience, use the same password for their authorized e-mail box, workstation account and so on. When a computer system whose security is not rigorous enough is attacked and user accounts leak out, the probability that the intruders can use those accounts to take over other systems increases greatly.
Considering both security and implementation, the best ways to safeguard system security up to now have been to forbid users from reusing old passwords (enforce password history), to limit the time between two password changes (maximum and minimum password age), to set a minimum password length, and to require that passwords mix upper- and lower-case letters, digits and special characters (password complexity requirements). In theory, given current cracking technology, a user should use 18~23 meaningless characters to avoid dictionary attack, change the password once every 2~3 months, and use a different password for each work system.
Yet ordinary people find it hard to memorize meaningless garbled strings, so they often forget their passwords. Even if remembered, the password must be changed again every two to three months, and when the account passwords of the various systems differ, users are often confused because they cannot tell which password belongs to which account. As a result the account may be locked, or the user must go through cumbersome procedures to apply for the account password again.
Summary of the invention
The primary purpose of the present invention is to help users establish a sufficiently long garbled string that is hard to forget as a password, so as to prevent intruders from obtaining account data by brute-force and similar means and accessing system resources illegally. To resist attacking systems whose computing speed keeps increasing, the safest password is 18~23 characters long and changed regularly every 2~3 months; in addition, the user should set different passwords on different servers. Yet the human brain finds it hard to memorize a garbled string of 18~23 characters, and setting too many passwords causes confusion, so that the user instead loses or mixes up passwords. The present invention therefore uses a transfer function that takes an easily remembered logical sentence as input to obtain the password. A user of the present invention obtains a garbled string from a sentence that is easy to recite; because a sentence is easier to memorize and harder to forget than a garbled string, the password established by the user is not easily lost.
As described above, to solve the problem of users forgetting passwords, the present invention produces an irreversible password, via a transfer function, from a sentence that the individual can easily obtain. All the user needs to remember is the source of the sentence, or the text of the sentence itself. Compared with a random password that has no logical meaning at all, a sentence is easy to memorize and hard to forget. Because the user remembers it easily and need not write it down in a particular place, the password produced by the method of the present invention is highly portable and convertible: the user only needs to store the transfer function in a portable electronic device, and enter the sentence whenever the password is needed to obtain a long and effective password.
Another object of the present invention is to prevent the leakage of the user's habits from increasing the chance that the system is cracked again. When a system is attacked and account data leaks, even if the system requires users to change their passwords, the attacker can infer the user's password-setting habits from the leaked account data, and on the next intrusion can easily guess the account password, greatly reducing the security of the system.
In summary, the present invention is a method of producing an account password by inputting an easily obtained, permanently remembered sentence into a transfer function. The present invention uses a pseudo-random function as the password generation function: the sentence is the input of the transfer function, which produces a garbled character string for the user to use as the account password. The sentence is chosen from text that is convenient to obtain, hard to forget, or firmly held in personal memory, so that it can be recalled or easily looked up, and the user does not forget the password. At the same time, the password produced by the transfer function is random, so it is not easily broken by a malicious impersonator, an event that would lead to leakage of personal data or even destruction of the computer system. The present invention uses a pseudo-random function as the transfer function because, by the property of pseudo-random functions, the same input seed yields the same random output; the user need only remember the quoted sentence and, when logging in, enter it into the pseudo-random function to obtain the password.
In addition, the present invention preferably uses a pseudo-random number generation function based on a one-way hash function. A one-way hash function is an irreversible (one-directional) compression method: the input cannot be obtained from a known output, and it is infeasible to find any two inputs that give the same output. A pseudo-random function, on the other hand, can produce a great many unpredictable random digits. The password generation method of the present invention is therefore highly secure: even if the password is learned, the original seed sentence cannot be recovered, which effectively protects the user's selection habits and makes the password hard to crack when it is changed again.
Description of drawings
Fig. 1 illustrates the operation of a hash function;
Fig. 2 illustrates the range of application of the present invention;
Fig. 3 illustrates one embodiment of the present invention;
Fig. 4 illustrates an alternative embodiment of the present invention;
Fig. 5 is a flow chart of the present invention.
In the drawings, the parts denoted by each label are as follows:
10 - hash function input; 11 - hash function; 12 - hash function output
13 - hash function input; 14 - hash function; 15 - hash function output
21 - personal digital assistant; 23 - mobile computer; 25 - personal computer
31 - sentence of the embodiment; 33 - sentence of the embodiment after modification
35 - input to the function as seed; 37 - obtain output
41 - select a sentence; 43 - add a sentence generation condition
45 - input to the pseudo-random function; 47 - obtain output; 49 - enter the account password
501 - select a sentence; 502 - decide whether to modify it; 504 - modify the sentence
506 - decide whether to add a password generation condition; 508 - add a password generation condition
510 - input to the pseudo-random function; 512 - obtain output; 514 - enter the output as the account password
Embodiment
The present invention is a method and transfer function for producing a user's account password from a sentence that is easy to obtain, easy to recite, or present in personal memory. The sentence serves as the input of the transfer function, which produces a character string composed of characters acceptable in a password, for the user to use as the account password. The present invention thus helps users produce meaningless random numbers from meaningful sentences: because the sentence is chosen from text that is convenient to obtain, hard to forget, or firmly held in personal memory, it can be recalled or easily looked up, avoiding the trouble caused by forgotten passwords. At the same time, the password produced by the transfer function is random, so it is not easily broken by a malicious impersonator, an event that would lead to leakage of personal data or even destruction of the computer system.
For instance, the user first selects a sentence he is familiar with, such as the first ten lines of the lyrics of a popular song, as the input seed of the transfer function. The sentence is then converted by the transfer function into a string of random characters acceptable to the computer system as a password, which the user copies into the password field at login. Since the password lengths accepted by various systems differ, the user can take as many characters of the output as the system allows for the account password; if the system does not limit password length, the whole random output of the function can serve as the account password. The transfer function is a pseudo-random function whose output is converted into a random character string consisting only of characters permitted in passwords.
So that the user obtains the same password from the same sentence, the present invention uses a pseudo-random function as the transfer function. Because the same input seed yields the same random output, the user need only remember the quoted sentence and, when logging in, enter it into the pseudo-random function to obtain the password.
The information to be remembered should preferably be easy to obtain, so the content of popular books can be chosen as the seed, for example a certain chapter of the Bible or a passage of the Analects of Confucius. Because the Bible and the Analects are very widespread and easily found in any bookstore, they need not be memorized: when the sentence is needed, it can be looked up on the spot in a bookstore or on a bookshelf. A keyword from the seed sentence can also be entered into a network search engine to find it.
The user therefore only needs to remember the title of the quoted work and the section number, and need not memorize a garbled string by rote, nor copy the password elsewhere in the computer or carry it in a wallet. In other words, what the user has to remember is the source of the sentence, not a meaningless string of letters, digits and symbols.
Although these sentences are easy to obtain, the particular passage is chosen according to the user's needs. Even if a malicious outsider learns that the user's sentence comes from the Bible, the Bible is so extensive that the chosen passage remains unknown, so cracking is by no means easy. Furthermore, books exist in different editions (the Bible, for example, in the Chinese Union Version, the Studium Biblicum Version and others), and different languages (an English copy, a Chinese version and so on) can be chosen as input; the variation in edition and language multiplies the possibilities and further deepens the difficulty of cracking.
Alternatively, a memorized sentence may be chosen. For convenience of recitation, a sentence the user has memorized once and is unlikely to forget is preferred, such as a poem learned by heart or the lyrics of a popular song. Because songs and verses are easily recited and hard to forget, the user can take part of them or all of them from memory as the input seed.
Processor speeds keep increasing and intruders' algorithmic skill improves daily; for the security of an account, the longer the account password, the harder it is in theory to crack. The longer the quoted sentence, therefore, the relatively harder the produced password is to crack. The present invention thus provides a method of generating a strong, hard-to-break password from a permanently remembered sentence, while the user need not spend effort memorizing the garbled string that is produced.
To avoid the sentence entered by the user being obtained by another malicious intruder, and to prevent the user's habits in choosing sentences from being exposed to intruders and increasing the chance of cracking, the present invention preferably uses a pseudo-random number generation function based on a one-way hash function. A one-way hash function is an irreversible (one-directional) compression method: the input cannot be obtained from a known output, and it is infeasible to find any two inputs with the same output. As shown in box 10 of Fig. 1, when the input is x=110010, the hash function outputs 1010110100101 (box 12). On the other hand, when x+1=110011 is input to the same hash function, the output obtained (box 15) is 01001101001: there is no relation between hash(x) and hash(x+1). A pseudo-random function, moreover, can produce a very long sequence of unpredictable random digits. The password generation method of the present invention is therefore highly secure: even if the password is learned, the original seed sentence cannot be recovered, which effectively protects the user's selection habits, so that the password is hard to crack when the user changes it again.
As shown in Fig. 2, the method of the present invention provides a highly portable password generator. For instance, the source code of the transfer function can be published for download, and the user can copy the function to a personal computer 25 or a portable electronic computing device (such as a personal digital assistant (PDA) 21 or a mobile computer 23); whenever the password is needed, the sentence can be entered on the spot to produce the long password. The function can also be downloaded at any place that provides a computer and network access (such as an Internet café) to produce the password. The password is thus readily available, which increases the convenience of the present invention.
As shown in Fig. 3, to avoid the defect that the password may too easily be repeated, the input sentence of the present invention may be slightly modified. For instance, if Wang Zhihuan's poem "Climbing Stork Tower" (登鹳雀楼) is quoted as the function seed, its original text is box 31:
"sunset depends on the mountain, Yellow River goes to the sea, if you want to see more faraway, please step on a higher level"
To increase the security of the password, an understandable change can be made to the original text as circumstances allow, such as changing "Yellow River" into "Yangtze River", so that the input seed becomes box 33:
"sunset depends on the mountain, Yangtze River goes to the sea, if you want to see more faraway, please step on a higher level"
Alternatively, the same character can be inserted into the text at regular intervals, forming:
(the same poem with a repeated character inserted at intervals)
Or the verse can be entered in reverse order. These are all ways of changing the sentence slightly. It must be stressed that these changes are made by the user and exist only in the user's memory, so an outsider cannot easily obtain them. Finally, the modified sentences are the seed of the pseudo-random function, as shown in boxes 35~37.
To further improve the security of password use, passwords should be updated regularly, and different accounts should use different passwords. To achieve this, a password generation condition can be added, realized by several modifications of the sentence. For instance, the user can append the code name or title of the system to be logged into after the sentence, which avoids the disadvantage of using the same password for all accounts.
For instance, as shown in Fig. 4, a user has a Gmail e-mail account, a Skype account, an MSN account and a Hinet e-mail account, and selects "Climbing Stork Tower" as the input sentence (box 41). To set different passwords for different accounts, the input seed is "sentence + server name" for each. That is, the input seed for the Gmail mailbox password (boxes 43 and 44) is "Gmail Climbing Stork Tower", the input seed for the Skype account is "Skype Climbing Stork Tower", and so on. Note that whether the account name is placed before, after or in the middle of the sentence is for the user to decide. The sentences are then entered as seeds into the pseudo-random function, and the outputs obtained serve as the passwords of the respective accounts (boxes 45 to 49).
In addition, since system passwords need to be changed at intervals, the user may consider appending the date of setting, or another suitable date, to the sentence to satisfy the requirement of periodic password change. In the same example as Fig. 4, if the Gmail mailbox password is set on January 1, 2005 and is next reset on April 1, 2005, the seed input to the function can be "Climbing Stork Tower Gmail2005/01/01~2005/03/31".
In addition, different encodings can be chosen to produce the password. With the "Climbing Stork Tower" example above, punctuation marks can be used, turning the seed into:
"sunset depends on the mountain, Yellow River goes to the sea; if you want to see more faraway, please step on a higher level."
For countries outside the English-speaking world, there are even more encoding choices. Taking Chinese as an example, there are Big5 and Unicode (UCS4) among others, and simplified and traditional Chinese characters are encoded differently. Zhuyin phonetic notation or pinyin can even be used as the encoding, avoiding mistyped characters when entering Chinese.
In summary, the whole flow of the present invention is illustrated by Fig. 5. As shown, when the user requests to log in and receives the login prompt sent by the server, a long sentence is selected first (step 501). The user then chooses whether to modify the sentence; since the original sentence may be kept as it is, modification is optional (steps 502~504). To tighten security further, the user should set different passwords for different accounts, but step 506 is not absolute, and the same password may be set for all. As shown in steps 510 to 514, the sentence finally obtained is entered into the pseudo-random function, and the output produced is copied as the account password and entered into the server.
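The derivation of steps 501 to 514, written out as an added example that is not the patent's or the applicant's code: HMAC-SHA256 in counter mode stands in for the hash-based pseudo-random function, and the password alphabet, function names and default length are this example's own assumptions; the poem and the Gmail/Skype/MSN/Hinet accounts are the ones the text uses.

```python
"""Added example (not the patentee's code): derive account passwords from a
memorable sentence the way this patent describes.  The seed is the sentence,
optionally modified, with the system name and validity period appended; a
hash-based PRF turns it into a garbled string of password-safe characters."""
import hashlib
import hmac
import string
from typing import Dict, Iterable, Optional

# Characters most login systems accept in a password (an assumption of this example).
PASSWORD_ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def build_seed(sentence: str, system: str = "", period: str = "",
               replacements: Optional[Dict[str, str]] = None,
               reverse: bool = False) -> str:
    """Apply the patent's seed modifications: word substitution (e.g. 'Yellow River'
    to 'Yangtze River'), optional reversal, then the password generation conditions
    (system code name and validity period) appended after the sentence."""
    seed = sentence
    for old, new in (replacements or {}).items():
        seed = seed.replace(old, new)
    if reverse:
        seed = seed[::-1]
    return seed + system + period


def prf_stream(seed: str, nbytes: int) -> bytes:
    """HMAC-SHA256 in counter mode as the one-way-hash-based pseudo-random function.
    The same seed always gives the same stream (so the user can regenerate the
    password), and the sentence cannot be recovered from the output."""
    key = hashlib.sha256(seed.encode("utf-8")).digest()
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:nbytes])


def derive_password(seed: str, length: int = 20) -> str:
    """Map PRF bytes onto PASSWORD_ALPHABET with rejection sampling, so every
    character is equally likely (a plain modulo would bias the distribution).
    `length` is the longest password the target system accepts (18~23 in the text)."""
    if length <= 0:
        raise ValueError("length must be positive")
    n = len(PASSWORD_ALPHABET)
    limit = 256 - (256 % n)  # bytes at or above this value are rejected
    nbytes = 2 * length
    while True:
        # Counter mode makes a longer request a prefix-extension of a shorter one,
        # so retrying with more bytes keeps the result deterministic.
        chars = [PASSWORD_ALPHABET[b % n] for b in prf_stream(seed, nbytes) if b < limit]
        if len(chars) >= length:
            return "".join(chars[:length])
        nbytes *= 2


def account_passwords(sentence: str, systems: Iterable[str], period: str = "",
                      length: int = 20, **mods) -> Dict[str, str]:
    """One password per account from a single sentence, as in the Gmail/Skype/MSN/
    Hinet example: the system name and period are the only parts that differ."""
    return {s: derive_password(build_seed(sentence, s, period, **mods), length)
            for s in systems}


if __name__ == "__main__":
    # Constructed sample input: the poem quoted in the text and the four accounts it names.
    POEM = ("sunset depends on the mountain, Yellow River goes to the sea, "
            "if you want to see more faraway, please step on a higher level")
    pw = account_passwords(POEM, ["Gmail", "Skype", "MSN", "Hinet"],
                           period="2005/01/01~2005/03/31",
                           replacements={"Yellow River": "Yangtze River"})
    for system, password in pw.items():
        print(f"{system:6s} {password}")
```

Because SHA-256 is fast, someone who knows the sentence's source and the user's modification habit (the leak the text warns about) can test candidate sentences quickly; replacing the `sha256` key step with `hashlib.pbkdf2_hmac` at a high iteration count makes each such guess correspondingly expensive.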

Claims (9)

1. A method of producing a meaningless password from a logical sentence, the method comprising:
selecting a string of text from a known sentence;
entering the text as a seed into a random number generator;
choosing the output of the random number generator to form a password, wherein the password is suitable for logging into a computer or server system.
2. The method of claim 1, wherein the output of the random number generator comprises letters.
3. The method of claim 1, wherein the output of the random number generator comprises digits.
4. The method of claim 1, wherein the output of the random number generator is a combination of letters and digits.
5. The method of claim 1, wherein the random number generator comprises a pseudo-random function.
6. The method of claim 5, wherein the pseudo-random function is based on a hash function.
7. The method of claim 1, wherein the text is modified and then used as the seed entered into the random number generator.
8. The method of claim 1, wherein the seed further comprises the code name of the system to be logged into.
9. The method of claim 1, wherein the seed further comprises the date on which the password is set.

Application data

Application number: CN 200610008022
Priority date: 2006-02-23
Filing date: 2006-02-23
Publication: CN101025874A (en), published 2007-08-29
Status: Pending
Family ID: 38744134
Country status: CN (1), CN101025874A (en)

Cited By (3)

(* cited by examiner, † cited by third party)
CN102768716A (*), priority 2011-05-04, published 2012-11-07, 杨建纲: Memory card and reading, data encryption, key generation and password changing method thereof
CN103685164A (*), priority 2012-09-05, published 2014-03-26, 国际商业机器公司: Method for dynamically providing algorithm password for cross-examination authentication as well as computer device
CN106355425A (*), priority 2015-07-15, published 2017-01-25, 阿里巴巴集团控股有限公司: Method for generating verification codes of electronic certificates and verification canceling method and device for electronic certificates



Legal Events

C06 / PB01: Publication
C10 / SE01: Entry into substantive examination (entry into force of request for substantive examination)
C12 / RJ01: Rejection of invention patent application after publication