CN110362987A - A kind of lightweight assessment algorithm of Cipher Strength - Google Patents
A kind of lightweight assessment algorithm of Cipher Strength Download PDFInfo
- Publication number
- CN110362987A CN110362987A CN201910582570.9A CN201910582570A CN110362987A CN 110362987 A CN110362987 A CN 110362987A CN 201910582570 A CN201910582570 A CN 201910582570A CN 110362987 A CN110362987 A CN 110362987A
- Authority
- CN
- China
- Prior art keywords
- password
- editing distance
- cipher
- given
- vector
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 239000013598 vector Substances 0.000 claims abstract description 32
- 238000003780 insertion Methods 0.000 claims abstract description 10
- 230000037431 insertion Effects 0.000 claims abstract description 10
- 238000000034 method Methods 0.000 claims description 5
- 238000012360 testing method Methods 0.000 abstract description 3
- 235000013399 edible fruits Nutrition 0.000 description 2
- 238000002474 experimental method Methods 0.000 description 2
- 241001463139 Vitta Species 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a kind of lightweight assessment algorithms of Cipher Strength, given password and standard strong cipher are indicated with vector, which is made of number, lowercase, capitalization, spcial character and Password Length;According to given crypto vector and standard strong cipher vector, the cosine length similarity of given password and standard strong cipher is calculated;The quantity of insertion needed for given password is converted to standard strong cipher by statistics, replacement and delete operation calculates the editing distance similarity of given password and standard strong cipher;Comprehensive cosine length similarity and editing distance similarity determine the bulk strength of given password.The present invention evaluates and tests algorithm better than existing lightweight Cipher Strength in terms of the accuracy of identification strong cipher and weak password, and the memory space needed is very small, and client password strength assessment is suitble to use.
Description
Technical field
The present invention relates to field of information security technology, the lightweight assessment algorithm of especially a kind of Cipher Strength.
Background technique
Password authentification is the first line of defence for protecting network system.Text password is a kind of common authentication form,
For the safety for ensuring text password authentication, many systems add password detection instrument on website, pass through text and face
Vitta intuitively shows Cipher Strength, helps user setting high-intensitive and is easy the high-intensitive password of memory.
Rule-based method measures Cipher Strength by simple rule, can not capture password complexity, it is difficult to
The accurate intensity for estimating given password, is often labeled as strong cipher for weak password, and strong cipher is labeled as weak password.Based on general
The conjecture algorithm of rate uses the property guessed to measure as Cipher Strength, has very high accuracy in terms of testing Cipher Strength,
But the algorithm is computation-intensive, needs a large amount of memory space, is not suitable in client deployment.There are also some other skills
Art, such as password dictionary is used, due to the problems such as there are long operational time and big data spaces, be not suitable for directly in client
User password intensity is detected on end or webpage.
Summary of the invention
The purpose of the present invention is to provide a kind of lightweight assessment algorithms of Cipher Strength.
The technical solution for realizing the aim of the invention is as follows: a kind of lightweight assessment algorithm of Cipher Strength
(Lightweight Password-Strength Estimation, LPSE), the specific steps are as follows:
Given password and standard strong cipher are indicated that the vector is by number, lowercase, capital letter by step 1 with vector
Female, spcial character and Password Length composition;
Step 2, basis give crypto vector and standard strong cipher vector, calculate the cosine of given password and standard strong cipher
Length similarity;
The quantity of insertion needed for given password is converted to standard strong cipher by step 3, statistics, replacement and delete operation,
Calculate the editing distance similarity of given password and standard strong cipher;
Step 4, comprehensive cosine length similarity and editing distance similarity determine the bulk strength of given password.
Compared with prior art, the present invention its remarkable advantage are as follows: accuracy of the present invention in identification strong cipher and weak password
Aspect evaluates and tests algorithm better than existing lightweight Cipher Strength, and the memory space needed is very small, is suitble to client password
Strength assessment uses.
Detailed description of the invention
Fig. 1 is the flow chart of the lightweight assessment algorithm of Cipher Strength of the present invention.
Specific embodiment
In the following with reference to the drawings and specific embodiments, the present invention program is further illustrated.
As shown in Figure 1, a kind of lightweight assessment algorithm of Cipher Strength, the specific steps are as follows:
Given password and standard strong cipher are indicated that the vector is by number, lowercase, capital letter by step 1 with vector
Female, spcial character and Password Length composition, each component be respectively as follows: digital number * 1, lowercase * 1, capitalization number mother number * 2,
Spcial character number * 3, Password Length;The standard strong cipher need to meet two conditions, first is that password was randomly generated, i.e.,
Password has the different types of character of equal probabilities, second is that password long enough (for example, at least 12).
Step 2, basis give crypto vector and standard strong cipher vector, calculate the cosine of given password and standard strong cipher
Length similarity;
Assuming that the vector of given password is expressed as α=(x1,x2,x3,x4,x5), the vector of standard strong cipher is expressed as αs=
(y1,y2,y3,y4,y5), then the cosine length similarity of two vectors is calculated by formula (1):
Wherein, | X | and | Y | given crypto vector and standard strong cipher vector field homoemorphism are respectively indicated, is calculated by formula (2):
The quantity of insertion needed for given password is converted to standard strong cipher by step 3, statistics, replacement and delete operation,
Calculate the editing distance similarity of given password and standard strong cipher;
Step 3.1, initial editing distance are set as 0, when given password is converted to standard strong cipher, according to corresponding position
Editing distance is added and subtracted in the operation of execution, and specific rules are as follows:
(1) when corresponding position carries out delete operation, editing distance executes subtraction: if deleting number or lowercase,
Editing distance subtracts 1;If deleting capitalization, editing distance subtracts 2;If deleting spcial character, editing distance subtracts 3;
(2) when corresponding position carries out insertion operation, editing distance executes addition: if insertion number or lowercase,
Editing distance adds 1;If being inserted into capitalization, editing distance adds 2;If being inserted into spcial character, editing distance adds 3;
(3) when corresponding position is replaced operation, editing distance executes addition or subtraction: if replaced with capitalization small
Letter or number is write, then editing distance adds 1, if replacing lowercase or number with spcial character, editing distance adds 2, such as
Fruit replaces number, or number replacement lowercase with lowercase, then editing distance is constant, if replaced with lowercase special
Different character, then editing distance subtracts 2.
Step 3.2 calculates password editing distance similarity by password editing distance (formula 3):
Wherein, | P |, | T | indicate the component summation of given password and standard strong cipher, passworddist (P, T) is close
Code editing distance.
Step 4, comprehensive cosine length similarity and editing distance similarity determine the bulk strength of given password;
Assuming that given password is expressed as α, S is expressed as with the cosine length similitude of standard strong cipherc(α), with mark
The editing distance of quasi- strong cipher is expressed as Sp(α), then the bulk strength of password α is by T α=(Sc(α),Sp(α)) it indicates, it can basis
Formula (4) determines:
Embodiment
In order to verify the validity of the present invention program, following emulation experiment is carried out, given password: ChinaGood101 is measured
Cipher Strength.
Step 1, the premise as experiment generate standard strong cipher according to standard strong cipher rule first::
HelloWTO58.#, the corresponding vector of the strong cipher are αs=(2,5,6,6,12), the component on each position respectively represent number
Word number * 1, lowercase * 1, capitalization number mother number * 2, spcial character number * 3, Password Length.Given password is also used into vector
It indicates, α=(3,7,4,0,12).
Step 2, the cosine length similarity for calculating two crypto vectors, are calculated by formula (1);
Wherein, | X | and | Y | given crypto vector and standard strong cipher vector field homoemorphism are respectively indicated, is calculated by formula (2):
It is computed, P can be obtainedxy≈0.85
Step 3 calculates password editing distance, and initial editing distance is set as 0, given password is converted to standard strong cipher
When, editing distance is added and subtracted according to the operation that the two password corresponding positions execute, specific rules are as follows:
(1) when corresponding position carries out delete operation, editing distance executes subtraction: if deleting number or lowercase,
Editing distance subtracts 1;If deleting capitalization, editing distance subtracts 2;If deleting spcial character, editing distance subtracts 3;
(2) when corresponding position carries out insertion operation, editing distance executes addition: if insertion number or lowercase,
Editing distance adds 1;If being inserted into capitalization, editing distance adds 2;If being inserted into spcial character, editing distance adds 3.
(3) when corresponding position is replaced operation, editing distance executes addition or subtraction: if replaced with capitalization small
Letter or number is write, then editing distance adds 1, if replacing lowercase or number with spcial character, editing distance adds 2, such as
Fruit replaces number, or number replacement lowercase with lowercase, then editing distance is constant, if replaced with lowercase special
Different character, then editing distance subtracts 2.
Password editing distance similarity is calculated, password editing distance similarity is calculated by formula (3):
Wherein, | P |, | T | the component summation for indicating given password and standard strong cipher, by number, lowercase, capital letter
Female, spcial character number is obtained multiplied by summing after corresponding weight, and passworddist (P, T) is password editing distance, warp
It calculates, Passwordsimilarity ≈ 0.74 can be obtained.
Step 4 determines given password according to the cosine length similarity and editing distance similarity of standard strong cipher
Bulk strength.
For giving password α=(3,7,4,0,12), S is expressed as with the cosine length similitude of standard strong cipherc(α)
=0.85, and the editing distance of itself and standard strong cipher is expressed as Sp(α)=0.74, the bulk strength of password α can by T α=
(Sc(α),Sp(α)), formula (4) can be calculated:
It is computed, T can be obtainedα=strong, i.e., given password can be considered strong cipher.
Claims (6)
1. a kind of lightweight assessment algorithm of Cipher Strength, which is characterized in that specific step is as follows:
Given password and standard strong cipher are indicated that the vector is by number, lowercase, capitalization, spy by step 1 with vector
Different character and Password Length composition;
Step 2, basis give crypto vector and standard strong cipher vector, calculate the cosine length of given password and standard strong cipher
Similarity;
The quantity of insertion needed for given password is converted to standard strong cipher by step 3, statistics, replacement and delete operation, calculates
The editing distance similarity of given password and standard strong cipher;
Step 4, comprehensive cosine length similarity and editing distance similarity determine the bulk strength of given password.
2. the lightweight assessment algorithm of Cipher Strength according to claim 1, which is characterized in that in step 1, give password
Each component of vector sum standard strong cipher vector is respectively as follows: digital number * 1, lowercase * 1, capitalizes number mother number * 2, is special
Character number * 3, Password Length.
3. the lightweight assessment algorithm of Cipher Strength according to claim 1, which is characterized in that in step 1, standard is close by force
Code need to meet two conditions, first is that password was randomly generated, i.e. the password different types of character with equal probabilities, second is that
Password long enough, length are greater than given threshold.
4. the lightweight assessment algorithm of Cipher Strength according to claim 1, which is characterized in that in step 2, calculate given
Password and standard strong cipher cosine length similarity method particularly includes:
If the vector of given password is expressed as α=(x1,x2,x3,x4,x5), the vector of standard strong cipher is expressed as αs=(y1,y2,
y3,y4,y5), then the cosine length similarity of two vectors is calculated by formula (1):
Wherein, | X | and | Y | given crypto vector and standard strong cipher vector field homoemorphism are respectively indicated, is calculated by formula (2):
5. the lightweight assessment algorithm of Cipher Strength according to claim 1, which is characterized in that in step 3, calculate given
The editing distance similarity of password and standard strong cipher method particularly includes:
Step 3.1, initial editing distance are set as 0, when given password is converted to standard strong cipher, are executed according to corresponding position
Operation editing distance is added and subtracted, specific rules are as follows:
(1) when corresponding position carries out delete operation, editing distance executes subtraction: if deleting number or lowercase, editing
Distance subtracts 1;If deleting capitalization, editing distance subtracts 2;If deleting spcial character, editing distance subtracts 3;
(2) when corresponding position carries out insertion operation, editing distance executes addition: if insertion number or lowercase, are edited
Distance plus 1;If being inserted into capitalization, editing distance adds 2;If being inserted into spcial character, editing distance adds 3;
(3) when corresponding position is replaced operation, editing distance executes addition or subtraction: if replacing small letter with capitalization
Female or number, then editing distance adds 1, if adding 2 with spcial character replacement lowercase or number, editing distance, if with
Lowercase replacement number, or number replacement lowercase, then editing distance is constant, if replacing special word with lowercase
Symbol, then editing distance subtracts 2;
Step 3.2, password editing distance similarity are calculated by formula 3:
Wherein, | P |, | T | indicate the component summation of given password and standard strong cipher, passworddist (P, T) is password volume
Collect distance.
6. the lightweight assessment algorithm of Cipher Strength according to claim 1, which is characterized in that in step 4, calculate given
The bulk strength of password method particularly includes:
If given password is expressed as α, S is expressed as with the cosine length similitude of standard strong cipherc(α), with standard strong cipher
Editing distance be expressed as Sp(α), the bulk strength of password α is by T α=(Sc(α),Sp(α)) it indicates, it is determined according to formula (4):
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910582570.9A CN110362987A (en) | 2019-06-29 | 2019-06-29 | A kind of lightweight assessment algorithm of Cipher Strength |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910582570.9A CN110362987A (en) | 2019-06-29 | 2019-06-29 | A kind of lightweight assessment algorithm of Cipher Strength |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110362987A true CN110362987A (en) | 2019-10-22 |
Family
ID=68217686
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910582570.9A Pending CN110362987A (en) | 2019-06-29 | 2019-06-29 | A kind of lightweight assessment algorithm of Cipher Strength |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110362987A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111046375A (en) * | 2019-11-28 | 2020-04-21 | 福建吉诺车辆服务股份有限公司 | System password auditing method and terminal |
| CN118551364A (en) * | 2024-07-30 | 2024-08-27 | 苏州市软件评测中心有限公司 | Commercial password security assessment method and system based on deep learning |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106649273A (en) * | 2016-12-26 | 2017-05-10 | 东软集团股份有限公司 | Text processing method and text processing device |
| CN109299277A (en) * | 2018-11-20 | 2019-02-01 | 中山大学 | The analysis of public opinion method, server and computer readable storage medium |
-
2019
- 2019-06-29 CN CN201910582570.9A patent/CN110362987A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106649273A (en) * | 2016-12-26 | 2017-05-10 | 东软集团股份有限公司 | Text processing method and text processing device |
| CN109299277A (en) * | 2018-11-20 | 2019-02-01 | 中山大学 | The analysis of public opinion method, server and computer readable storage medium |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111046375A (en) * | 2019-11-28 | 2020-04-21 | 福建吉诺车辆服务股份有限公司 | System password auditing method and terminal |
| CN118551364A (en) * | 2024-07-30 | 2024-08-27 | 苏州市软件评测中心有限公司 | Commercial password security assessment method and system based on deep learning |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Liu et al. | Reactance perturbation for detecting and identifying FDI attacks in power system state estimation | |
| Golla et al. | On the accuracy of password strength meters | |
| Qu et al. | Natural language understanding with privacy-preserving bert | |
| Guo et al. | LPSE: Lightweight password-strength estimation for password meters | |
| US11470097B2 (en) | Profile generation device, attack detection device, profile generation method, and profile generation computer program | |
| CN105224600B (en) | A kind of detection method and device of Sample Similarity | |
| Liu et al. | aleak: Privacy leakage through context-free wearable side-channel | |
| CN108885912B (en) | System for setting relative tolerance limits by using repeated cross validation and method thereof | |
| CN110362987A (en) | A kind of lightweight assessment algorithm of Cipher Strength | |
| Gast et al. | Size expansions of mean field approximation: Transient and steady-state analysis | |
| EP3040901A1 (en) | System and method for aligning time-series data over a large range of time indices | |
| CN103957191A (en) | Detection method for Chinese domain name spoof attack | |
| Shang et al. | A machine learning based golden-free detection method for command-activated hardware Trojan | |
| Li et al. | A self‐exciting marked point process model for drought analysis | |
| CN108090364B (en) | Method and system for positioning data leakage source | |
| CN112464297B (en) | Hardware Trojan detection method, device and storage medium | |
| CN112380537A (en) | Method, device, storage medium and electronic equipment for detecting malicious software | |
| CN113935034A (en) | Malicious code family classification method and device based on graph neural network and storage medium | |
| Thompson | Poisson distributions | |
| CN113051601B (en) | Sensitive data identification method, device, equipment and medium | |
| KR101725450B1 (en) | Reputation management system provides safety in html5 and method of the same | |
| CN106850186A (en) | The hashing algorithms of SHA 256 resist the detection method of differential fault attack | |
| US9344277B2 (en) | Mass serialization analytics | |
| CN111756735A (en) | DNS tunnel traffic detection method and device | |
| Tupsamudre et al. | POSTER: improved markov strength meters for passwords |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20191022 |
|
| RJ01 | Rejection of invention patent application after publication |