CN113312610A - Weak password detection method, device, medium and electronic equipment - Google Patents


Info

Publication number
CN113312610A
Authority
CN
China
Prior art keywords
password
weak
user
user information
scanning
Legal status
Pending
Application number
CN202110672884.5A
Other languages
Chinese (zh)
Inventor
周娟
蒋亮
郭勇
彭继革
Current Assignee
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN202110672884.5A
Publication of CN113312610A

Classifications

    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
              • G06F21/45 Structures or tools for the administration of authentication
                • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
          • G06F40/00 Handling natural language data
            • G06F40/20 Natural language analysis
              • G06F40/279 Recognition of textual entities
                • G06F40/284 Lexical analysis, e.g. tokenisation or collocates
            • G06F40/30 Semantic analysis


Abstract

The embodiments of the disclosure provide a weak password detection method, a weak password detection apparatus, a computer-readable medium and an electronic device. The method comprises the following steps: acquiring user information of a plurality of users; generating a weak password table based on the user information and user information splicing rules; and scanning and detecting the user passwords in a password file based on the weak password table. According to the technical scheme of the embodiments, the weak password table is constructed to be closer to the habits with which real users set weak passwords, scanning efficiency is improved, and the problem that the host's performance and the normal use of the service system are affected by the occupation of the host's computing resources is avoided.

Description

Weak password detection method, device, medium and electronic equipment
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a weak password detection method, a weak password detection apparatus, a computer readable medium, and an electronic device.
Background
As enterprise informatization deepens, the number of business systems keeps growing and brings with it a large number of account passwords; if those passwords are exploited by an internal or external attacker, the enterprise systems face serious security risks.
In the related technical scheme, weak password scanning is carried out by combining weak password brute-forcing with a vulnerability scanner and notifying the responsible persons by manually sent e-mail so that they can rectify the passwords. The specific flow of weak password scanning is as follows: 1. formulate a weak password table from commonly used weak passwords; 2. take the user name and password of a user from the existing users of the host and attempt to log in with each password in the weak password table of step 1 in turn; if a login succeeds, the user's password is a weak password, and if every login fails, it is not a weak password; 3. repeat step 2 until all users have been scanned; 4. notify the responsible persons of the weak password scanning result by manual e-mail so that they can rectify it.
However, this technical solution requires a large number of simulated logins during scanning, which not only reduces scanning efficiency but also occupies the host's computing resources and affects the performance of the host and the normal use of the service system.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present disclosure, and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
An object of the embodiments of the present disclosure is to provide a weak password detection method, a weak password detection apparatus, a computer readable medium and an electronic device, so as to improve scanning efficiency at least to a certain extent, and avoid occupying computing resources of a host computer and affecting the performance of the host computer and the normal use of a service system.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosure.
According to a first aspect of the embodiments of the present disclosure, there is provided a weak password detection method, the method including: acquiring user information of a plurality of users; generating a weak password table based on the user information and user information splicing rules; and scanning and detecting the user passwords in a password file based on the weak password table.
According to the first aspect, in some example embodiments, generating the weak password table based on the user information and the user information splicing rules includes: enumerating the word segmentation modes and splicing rules of the password character strings in a predetermined password library to generate a group of user information splicing rules; and, based on the user information splicing rules, extracting corresponding characters from the user information, splicing them, and generating the weak password table.
According to the first aspect, in some example embodiments, enumerating the word segmentation modes and splicing rules of the password character strings in the predetermined password library to generate the user information splicing rules includes: performing word segmentation on the password character strings in the predetermined password library by natural language processing and enumerating the word segmentation modes of the sub-character strings of each segmented password character string; performing part-of-speech tagging and part-of-speech generalization on the sub-character strings of each segmented password character string to determine the splicing rule of each password character string; and obtaining a password generation rule tree from the word segmentation mode and splicing rule of each password character string. Extracting corresponding characters from the user information for splicing based on the user information splicing rules to generate the weak password table then includes: extracting corresponding characters from the user information based on the password generation rule tree, splicing them, and generating the weak password table.
According to the first aspect, in some example embodiments, the method further comprises: determining the use frequency, in the predetermined password library, of each user information splicing rule in the group of user information splicing rules; and ordering the user information splicing rules in the group according to their use frequency.
According to the first aspect, in some example embodiments, scanning and detecting the user password in the password file based on the weak password table includes: acquiring the user's password from the password file in a multithreaded manner; scanning and comparing the user password against the weak password table; if they match, determining that the user password is a weak password; and if they do not match, continuing the scanning and comparison until a match is found or all weak passwords in the weak password table have been scanned.
According to the first aspect, in some example embodiments, acquiring the user password from the password file in a multithreaded manner includes: each computing node in a distributed system acquiring, in a multithreaded manner, the passwords of a number of users matching that node's computing capacity from the password file; and scanning and comparing the user passwords against the weak password table includes: each computing node scanning and comparing its user passwords against the weak password table.
According to the first aspect, in some example embodiments, the method further comprises: if the user password is a weak password, raising an alarm by SMS (short message).
According to a second aspect of the embodiments of the present disclosure, there is provided a weak password detection apparatus, the apparatus including: a user information acquisition module for acquiring user information of a plurality of users; a weak password table generating module for generating a weak password table based on the user information and user information splicing rules; and a scanning module for scanning and detecting the user passwords in a password file based on the weak password table.
According to the second aspect, in some example embodiments, the weak password table generating module comprises: a rule generating unit for enumerating the word segmentation modes and splicing rules of the password character strings in a predetermined password library and generating a group of user information splicing rules; and a password generating unit for extracting corresponding characters from the user information and splicing them based on the user information splicing rules to generate the weak password table.
According to the second aspect, in some example embodiments, the rule generating unit is further configured to: perform word segmentation on the password character strings in the predetermined password library by natural language processing and enumerate the word segmentation modes of the sub-character strings of each segmented password character string; perform part-of-speech tagging and part-of-speech generalization on the sub-character strings of each segmented password character string to determine the splicing rule of each password character string; and obtain a password generation rule tree from the word segmentation mode and splicing rule of each password character string. The password generating unit is further configured to: extract corresponding characters from the user information based on the password generation rule tree, splice them, and generate the weak password table.
According to the second aspect, in some example embodiments, the apparatus further comprises: a use frequency determining module, configured to determine the use frequency, in the predetermined password library, of each user information splicing rule in the group of user information splicing rules; and an ordering module for ordering the user information splicing rules in the group according to their use frequency.
According to the second aspect, in some example embodiments, the scanning module is further configured to: acquire the user's password from the password file in a multithreaded manner; scan and compare the user password against the weak password table; if they match, determine that the user password is a weak password; and if they do not match, continue the scanning and comparison until a match is found or all weak passwords in the weak password table have been scanned.
According to the second aspect, in some example embodiments, the scanning module is further configured to: have each computing node in a distributed system acquire, in a multithreaded manner, the passwords of a number of users matching that node's computing capacity from the password file; and have each computing node scan and compare its user passwords against the weak password table.
According to the second aspect, in some example embodiments, the apparatus further comprises: an alarm module for raising an alarm by SMS (short message) if the user password is a weak password.
According to a third aspect of embodiments of the present disclosure, there is provided a computer-readable medium, on which a computer program is stored, which when executed by a processor, implements the weak password detection method as described in the first aspect of the embodiments above.
According to a fourth aspect of the embodiments of the present disclosure, there is provided an electronic apparatus including: one or more processors; storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the weak password detection method as described in the first aspect of the embodiments above.
The technical scheme provided by the embodiments of the disclosure can have the following beneficial effects:
In some embodiments of the present disclosure, on the one hand, by collecting user information, a weak password table can be constructed that is closer to the habits with which real users set weak passwords; on the other hand, the password files of the host, database and service system are parsed to obtain the user passwords, and the user passwords are scanned by traversing the weak password table built from the user information, so that scanning efficiency is improved and the problem of the host's computing resources being occupied, which affects the host's performance and the normal use of the service system, is avoided; furthermore, compared with the static weak password dictionary table of the prior art, the weak password table can be generated dynamically and therefore updated in real time, which further improves the reliability of the weak password detection result.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure. It is to be understood that the drawings in the following description are merely exemplary of the disclosure, and that other drawings may be derived from those drawings by one of ordinary skill in the art without the exercise of inventive faculty. In the drawings:
fig. 1 illustrates an architectural schematic of a weak password scanning system provided in accordance with some embodiments of the present disclosure;
fig. 2 shows a flow diagram of a weak password detection method according to some example embodiments of the present disclosure;
fig. 3 illustrates a flow diagram of weak cipher table generation in accordance with some example embodiments of the present disclosure;
FIG. 4 illustrates a structural schematic of a semantic tree, according to some example embodiments of the present disclosure;
fig. 5 illustrates a flow diagram of weak password scanning in some example embodiments according to the present disclosure;
FIG. 6 illustrates a flow diagram of a weak password scan by a single compute node of some example embodiments of the present disclosure;
FIG. 7 illustrates a flow diagram for multiple computing nodes downloading a password file in some example embodiments according to the present disclosure;
FIG. 8 illustrates a schematic structural diagram of a weak password detection apparatus according to an embodiment of the present disclosure;
fig. 9 shows a schematic structural diagram of an electronic device in an exemplary embodiment according to the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the subject matter of the present disclosure can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the disclosure.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
In order to clearly explain technical solutions in the embodiments of the present disclosure, before specifically developing and explaining the embodiments of the present disclosure, some terms applied in the embodiments are first described.
User information splicing rule: a password generation rule determined from a plurality of password character strings in a predetermined password library. For example, the user information splicing rules may include splicing rules for one or more of numbers, letters and special characters, splicing rules for date passwords, and the like.
Weak password table: a password table or password library consisting of a plurality of weak passwords generated from the user information and the user information splicing rules.
Hereinafter, a weak password detection method in an exemplary embodiment of the present disclosure will be described in detail with reference to the drawings.
Fig. 1 illustrates an architectural schematic of a weak password scanning system provided in accordance with some embodiments of the present disclosure. The weak password scanning system includes: a host 110, a data cache 120, and a compute node 130. The host 110 is a host that needs to perform weak password scanning, such as a Linux host, and the host 110 includes a database, such as a MySQL database or an Oracle database; the data cache 120 is used for caching all encrypted user password information; the compute node 130 is used to perform weak password scan computations.
It should be noted that the host may be a desktop computer, a portable computer, a smart phone, a tablet computer, and the like. The data cache 120 may be a cache of a data storage server, such as a MySQL database or an Oracle database. The computing node 130 may be a server cluster formed by a plurality of physical servers or a node of a distributed system, and the computing node 130 may be an independent physical server or a cloud server node providing cloud services.
Fig. 2 illustrates a flow diagram of a weak password detection method according to some example embodiments of the present disclosure. The weak password detection method provided by the embodiments of the present disclosure may be executed by a computing device with processing capability, such as the computing node 130 of fig. 1. The weak password detection method includes steps S210 to S230, which are described in detail below with reference to the drawings.
Referring to fig. 2, in step S210, user information of a plurality of users is acquired.
In an example embodiment, the user information may include user identity information and user address information, and may also include other suitable user information such as user interest and preference information, and the like, which is also within the scope of the present disclosure.
Specifically, the user information of the users to be scanned is collected. For example, the available login users on weak password monitoring targets such as hosts, databases and business systems are collected, and the user information gathered from the different systems, such as name pinyin, name shorthand, name initials, birthday, identity card number, mailbox name, city pinyin, city shorthand and city initials, is maintained to form a user basic information base.
In step S220, a weak cipher table is generated based on the user information and the user information splicing rule.
In an example embodiment, the user information splicing rule is a password generation rule determined from a plurality of password character strings in a predetermined password library. For example, the user information splicing rules may include splicing rules for one or more of numbers, letters and special characters, date-password splicing rules, and the like; those skilled in the art will understand, however, that the user information splicing rules in the exemplary embodiments of the present disclosure are not limited to these, and may for example also be English word splicing rules or Chinese pinyin splicing rules, which are likewise within the scope of the present disclosure.
Further, the word segmentation modes and splicing rules of the password character strings in the predetermined password library can be enumerated to generate a group of user information splicing rules, and corresponding characters are extracted from the user information based on those rules to generate the weak password table. For example, the word segmentation mode and splicing rule of each password character string in the predetermined password library are determined by a natural language processing method, and the corresponding user information splicing rule is generated from them. For instance, if the password character string is "ilovexy1314", the word segmentation may be [i, love, xy, 1314], the generated user information splicing rule is [letters, English word, letters, numbers], and corresponding characters, such as letters, English words and numbers, are extracted from the user information according to this rule to generate the weak passwords corresponding to it.
In step S230, the user password of the user in the password file is scan-detected based on the weak password table.
In an example embodiment, the user's password is obtained from the password file in a multithreaded manner and scanned and compared against the weak password table; if they match, the user password is a weak password; if they do not match, the scanning and comparison continue until a match is found or all weak passwords in the weak password table have been scanned.
According to the technical scheme of the example embodiment of fig. 2, on the one hand, by collecting user information, a weak password table can be constructed that is closer to the habits with which real users set weak passwords; on the other hand, the password files of the host, database and service system are parsed to obtain the user passwords, and the user passwords are scanned by traversing the weak password table built from the user information, so that scanning efficiency is improved and the problem of the host's computing resources being occupied, which affects the host's performance and the normal use of the service system, is avoided; furthermore, compared with the static weak password dictionary table of the prior art, the weak password table can be generated dynamically and therefore updated in real time, which further improves the reliability of the weak password detection result.
Fig. 3 illustrates a flow diagram of weak cipher table generation, according to some example embodiments of the present disclosure.
Referring to fig. 3, in step S305, word segmentation processing is performed.
In an example embodiment, word segmentation is performed on each password character string in the predetermined password library by a natural language processing method, and the word segmentation mode of each password character string is determined. For example, how a password is segmented is decided by semantic analysis of the password character string: an iterative algorithm exhausts all possible segmentations, such as pinyin, name shorthand, name initials, birthday, identity card number, mailbox name, city pinyin, city shorthand, city initials and the like, and the optimal segmentation is then chosen by a segmentation scoring algorithm (for example, one that scores by the frequency of the segmentation mode). For instance, if the password character string is "ilovexy1314", the segmentation may be [i, love, xy, 1314].
In step S310, part-of-speech tagging is performed.
In an example embodiment, the part of speech of each sub-character string obtained by segmenting the password string is tagged. For example, the Python natural language processing library nltk may be queried to call the nltk. The input of part-of-speech tagging is the segmented password, and the output may be [the segmented password, the part of speech at each position]. For instance, if the password character string is "ilovexy1314", the segmentation may be [i, love, xy, 1314], and the corresponding parts of speech after tagging are [letters, English word, letters, numbers].
In step S315, a part-of-speech generalization process is performed.
In an example embodiment, the upper-level semantics of a sub-string and the synonyms that share those upper-level semantics are found, and the sub-string is generalized. For example, the upper-level semantics of Changsha and Wuhan are city and provincial capital. Through this part-of-speech generalization, the password "changsha" can be generalized to "provincial capital", that is, "provincial capital" is the generalization of the password "changsha". In another exemplary embodiment, if the password character string is "ilovexy1314", the segmentation may be [i, love, xy, 1314], and after part-of-speech generalization it may be [letters, English word, letters, numbers].
In step S320, a semantic tree is constructed.
In an example embodiment, the semantic tree is the splicing rule of the password character string, that is, the user information splicing rule. After generalization, the semantic tree corresponding to the password character string can be constructed, and the level to which each sub-string in the tree is abstracted can also be determined; for example, "love" has two levels of abstraction, the first being "English verb" and the second "English word". FIG. 4 shows the semantic tree for the password string "ilovexy1314".
In step S325, a weak password is generated.
In an example embodiment, corresponding characters are extracted from the user information base in the big data platform 350 according to the semantic tree to generate a weak password. For example, characters matching the part of speech of each sub-string in the semantic tree are extracted from the target user's information, and the weak password corresponding to the target user is generated.
Further, the above steps yield a weak password table, or attack dictionary, for one weak-password semantic tree; by analyzing the user information of a large number of users, weak password tables for the different semantic trees can be obtained, and by ranking the semantic trees by use frequency the weak password dictionary base 360 based on natural language processing is obtained.
In step S330, user information is acquired.
In an example embodiment, the user information in each system is gathered to the big data platform 350, the splicing rules of the user information are manually maintained, and the personalized weak password dictionary base is generated according to the rule set.
In step S335, a user information splicing rule is maintained.
In an example embodiment, a new user information stitching rule may be dynamically generated based on a new user password. And constructing a new semantic tree according to the new user password, and generating a corresponding user information splicing rule.
According to the technical scheme in the example embodiment of fig. 3, first, by collecting user information, a weak password table can be constructed that is closer to the habits real users follow when setting weak passwords; second, a semantic tree for generating passwords is produced by performing natural language processing on the password character strings in a predetermined password library, and weak passwords are generated by combining user information through the semantic tree, so that user passwords associated with the user information can be generated efficiently; third, compared with the static weak password dictionary table of the prior art, the weak password table can be generated dynamically and therefore updated in real time, which further improves the reliability of the weak password detection result.
Fig. 5 illustrates a flow diagram of weak password scanning in some example embodiments according to the present disclosure.
Referring to fig. 5, in step S505, a scan job is newly added.
In an example embodiment, a weak password scanning task is created in response to a newly added scanning task operation, and weak password scanning is performed in response to an operation of clicking an execution key.
In step S510, a scan job is performed.
In an example embodiment, a user password of a user is obtained from a password file in a multi-thread manner; and scanning and comparing the user password according to the weak password table.
In step S515, the scanning is suspended.
In step S520, the scanning is continued.
In step S525, the scanning is completed.
In an example embodiment, a pause, resume, or end button may be clicked during execution of the scanning task to pause, resume, or end scanning. After the scanning is finished, the repeated scanning key can be clicked to execute weak password scanning again.
In step S530, it is determined whether a weak password exists.
In an example embodiment, it is determined whether a weak password exists according to the scan result. If the comparison result is consistent, the user password is a weak password; if the comparison result is not consistent, the scanning comparison is continued until the comparison result is consistent or the scanning of all the weak passwords in the weak password table is completed.
In step S535, a short message alert is sent.
In an exemplary embodiment, after the weak password is scanned, if the weak password appears, the related host responsible person is alerted in a short message manner.
In step S540, weak password repair is performed.
In an example embodiment, if a weak password is present, the host responsible person is prompted to modify the password. In response to the password modification operation, the corresponding user password in the password file is modified.
In step S545, it is determined that the repetitive scanning is performed.
In an example embodiment, the weak password scan is repeated in response to a rescan operation by the security administrator. If no weak password is found after the repeated scan, the process ends.
Since weak password scanning is a task that consumes a great deal of CPU resources, according to the technical solution in the example embodiment of fig. 5, on the one hand the scan process is separated from the production host, so that there is zero impact on the performance and security of the production host; on the other hand, the multi-threaded scan can automatically select the thread count according to the CPU core count of the computing node, so that the performance of the computing node is utilized to the maximum extent and scanning time is saved.
Fig. 6 illustrates a flow diagram of weak password scanning by a single compute node of some example embodiments of the present disclosure.
In step S605, a password file of the host is acquired.
In an example embodiment, for the user passwords of a host or database that is currently to be scanned for weak passwords, the shadow file of the host 110 (in which the user password information is stored) is copied, or the user$ table of MySQL or the sys$ table of Oracle is connected to through JDBC (Java DataBase Connectivity) and the password file is exported. When the password file is acquired, the file is named according to the cmdb identifier of the target host or database, so that the password file name is guaranteed to be globally unique.
Further, taking the shadow file of a Linux system as the example for parsing and extracting the data: the user name and user password are extracted from the password file by taking each line as the password record of one user and splitting the record on the colon to obtain the user name and the password ciphertext.
In step S610, users that cannot log in the password file are filtered out according to the user status.
In an example embodiment, in the process of obtaining the user password data, the user password data is extracted from the shadow file of the Linux system, and users who cannot log in are filtered out of the generated file according to the user status field in the password file or database table, for example users whose default shell is nologin, shutdown or false, whose ACCOUNT_LOCKED is N, or whose ACCOUNT_STATUS is EXPIRED.
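Steps S605 and S610 for the Linux case, as an added example that is not the patent's own code: the passwd/shadow pair is split on the colon, and users with a non-login shell, a locked or empty password field, or a passed expiry date are dropped before the password file is written. The file contents, placeholder hashes, task batch number and cmdb identifier are constructed.

```python
# Constructed /etc/passwd and /etc/shadow excerpts (hash values are placeholders).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
sync:x:5:0:sync:/sbin:/bin/false
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/zsh
carol:x:1003:1003::/home/carol:/bin/bash
"""
SHADOW = """\
root:$6$saltsalt$PLACEHOLDERHASH:18900:0:99999:7:::
daemon:*:18900:0:99999:7:::
shutdown:*:18900:0:99999:7:::
sync:*:18900:0:99999:7:::
alice:$6$othersalt$PLACEHOLDERHASH2:18900:0:99999:7:::
bob:!$6$lockedsalt$PLACEHOLDERHASH3:18900:0:99999:7:::
carol:$6$carolsalt$PLACEHOLDERHASH4:18000:0:99999:7::18500:
"""

# Shells that mark an account as unable to log in (assumed set).
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/sbin/shutdown", "/bin/false"}

def parse_colon_file(text):
    """Split each non-empty, non-comment line on ':' and key it by user name."""
    records = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        records[fields[0]] = fields
    return records

def can_log_in(passwd_fields, shadow_fields, today_days):
    """User state check: a real login shell, a usable password field (not
    empty and not starting with '*' or '!'), and no expiry date (shadow field
    8, in days since the epoch) that has already passed."""
    if passwd_fields[6] in NOLOGIN_SHELLS:
        return False
    ciphertext = shadow_fields[1]
    if ciphertext == "" or ciphertext[0] in "*!":
        return False
    expire = shadow_fields[7]
    if expire and int(expire) < today_days:
        return False
    return True

def extract_password_records(passwd_text, shadow_text, today_days):
    """Return {user: password ciphertext} for every user who can actually
    log in; everyone else is removed from the scan workload."""
    passwd = parse_colon_file(passwd_text)
    shadow = parse_colon_file(shadow_text)
    records = {}
    for user, sfields in shadow.items():
        pfields = passwd.get(user)
        if pfields is not None and can_log_in(pfields, sfields, today_days):
            records[user] = sfields[1]
    return records

def password_file_name(task_batch, cmdb_id):
    """Globally unique password file name: task batch number + cmdb identifier."""
    return f"{task_batch}_{cmdb_id}.pwd"

if __name__ == "__main__":
    found = extract_password_records(PASSWD, SHADOW, today_days=19000)
    print(password_file_name("batch001", "cmdb-host-0001"), found)
```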
In step S615, the password file is encrypted by the encryption operation and uploaded to the data cache.
In an example embodiment, in order to avoid security risks caused by file leakage, after the user password file is generated it is encrypted using an encryption algorithm such as the MD5 algorithm, and the corresponding task batch number + cmdb identifier is generated as the file name of the password file, so that the global uniqueness of the password file is ensured.
Further, the generated encrypted password files are uploaded to the servers 660 of the data cache 120 (the same procedure is performed on each host, so that one password file corresponds to one host or database in the server of the data cache 120).
In step S620, the computing node 130 downloads the password file.
In an example embodiment, each computing node to which the current task is allocated downloads a number of password files to be scanned from the data cache 120 according to its own computing capacity (CPU resources).
Further, each such computing node connects to the weak password library according to the cmdb identifier corresponding to the password file to be scanned, obtains the generated user weak password table corresponding to that library, and reads the key-value pairs of all user names and weak passwords into memory, for example as the weak password table 650 cached in memory, where the key is the user identifier and the value is the MD5 value of the weak password.
In step S625, the password file is decrypted by the decryption operation.
In an example embodiment, each computing node to which the current task is allocated reads a password file to be scanned (here, a password file corresponding to the host 192.168.1.10), decrypts the password file, obtains a key-value group of a user name and a ciphertext of an encrypted user password as target data of weak password scanning, and caches the target data in the memory.
In step S630, the password in the password file is scanned in a multi-thread manner.
In an example embodiment, each computing node to which the current task is assigned takes the weak passwords of each key-value group one by one from the weak password table 650 cached in step S620, simulates the encryption algorithm of the corresponding host or database system to obtain the ciphertext of the weak password, such as its MD5 value, and compares the ciphertext of the weak password with the ciphertext of the target data from step S625.
In step S635, when the comparison is consistent or the weak password table is completely traversed, a scanning result is obtained.
In an example embodiment, if the comparison is consistent, the user password corresponding to the target data is a weak password; if not, the step is repeated until a ciphertext with a consistent comparison is found or all weak passwords have been scanned. Step S635 may be performed concurrently using multiple threads.
Further, steps S620 to S635 are repeated for each computing node to which the current task is assigned until all the files downloaded in step S620 have been scanned.
Further, steps S615 to S635 are repeated for each computing node to which the current task is allocated until the scanning of the files in all the file servers is completed.
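The per-node comparison of steps S620 to S635, as an added example that is not the patent's own code: candidates from the cached weak password table are re-hashed with a simulated version of the target system's algorithm and compared with the stored ciphertexts, one user per thread. The weak table here holds plaintext candidates so that any system algorithm can be simulated (the text caches MD5 values), the two simulators, the sample data and the host identifier are assumptions.

```python
import hashlib
import os
from concurrent.futures import ThreadPoolExecutor

def md5_hex(candidate, stored):
    """Unsalted MD5 hex digest, as used by some application password stores."""
    return hashlib.md5(candidate.encode()).hexdigest()

def mysql_native(candidate, stored):
    """mysql_native_password: '*' + SHA1(SHA1(password)) in upper-case hex."""
    inner = hashlib.sha1(candidate.encode()).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

# Registry of simulated system algorithms. Each takes (candidate, stored
# ciphertext) so that salted schemes can read their salt from `stored`.
SIMULATORS = {"md5": md5_hex, "mysql_native_password": mysql_native}

def scan_user(user, stored, candidates, algorithm):
    """Steps S630/S635 for one user: stop at the first consistent comparison,
    or report None once the whole weak password list has been traversed."""
    simulate = SIMULATORS[algorithm]
    for weak in candidates:
        if simulate(weak, stored) == stored:
            return (user, weak)
    return (user, None)

def scan_password_file(target_data, weak_table, algorithm, threads=None):
    """Multi-threaded scan of one decrypted password file. `target_data` is
    {user: ciphertext}; `weak_table` is {user: [weak passwords]}. Returns
    {user: matched weak password or None}. The thread count defaults to the
    CPU core count of the computing node."""
    threads = threads or os.cpu_count() or 1
    jobs = [(u, c, weak_table.get(u, []), algorithm) for u, c in target_data.items()]
    with ThreadPoolExecutor(max_workers=threads) as pool:
        return dict(pool.map(lambda j: scan_user(*j), jobs))

# Constructed target data for the host named in the text and a weak table.
HOST_ID = "192.168.1.10"
TARGET_DATA = {
    "alice": hashlib.md5(b"iloveww1314").hexdigest(),
    "bob": hashlib.md5(b"correct horse battery staple").hexdigest(),
}
WEAK_TABLE = {
    "alice": ["alice123", "iloveww1314"],
    "bob": ["bob123", "bob19900101"],
}

if __name__ == "__main__":
    print(HOST_ID, scan_password_file(TARGET_DATA, WEAK_TABLE, "md5", threads=2))
```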
In step S640, the scan result is uploaded and stored.
In an example embodiment, each computing node to which the current task is assigned uploads the scan results to the server 660 of the data cache 120.
The solution in the exemplary embodiment of fig. 6 has the following advantages:
(1) due to the distributed architecture, computing nodes can be freely added or removed according to the scanning workload, simply by copying the scanning program and the weak password library to a node or deleting them from it;
(2) scanning is carried out separately from the host: because weak password scanning consumes a great deal of CPU resources, separating the scan process from the production host achieves zero impact on the performance and security of the production host;
(3) scanning is multi-threaded and can automatically select the thread count according to the CPU core count of the computing node, making maximum use of the node's performance and saving scanning time;
(4) the scanning task is preprocessed before scanning, so that users that need not be scanned are removed automatically and the workload is reduced;
(5) by simulating the system's encryption algorithm, a single password verification takes milliseconds, which is markedly faster than traditional simulated login authentication;
(6) a non-destructive cracking technique is adopted: the password file is extracted and analyzed offline, so that there is zero impact on the performance of the business system.
Fig. 7 illustrates a flow diagram for multiple computing nodes downloading a password file in some example embodiments according to the present disclosure.
In step S705, the listening is started.
In an example embodiment, the server of the data cache 120 starts listening for computing nodes 130 that need to download password files.
In step S710, the computing node 130 sends a download request and authentication information to the data cache 120.
In an example embodiment, the computing node 130 sends the data cache 120 a request to download n password files together with its authentication information. n may be determined according to the computing node 130's own computing capacity (CPU resources).
In step S715, it is determined whether the node authentication is passed.
In an example embodiment, the server of the data cache 120 verifies the computing node identity, and if the verification passes, proceeds to step S720, and if the verification fails, the connection is disconnected.
In step S720, it is determined whether a global lock is acquired.
In an example embodiment, the global lock is acquired; if acquisition fails, the server waits until it succeeds.
In step S725, it is determined whether there is an unsent file.
In an exemplary embodiment, it is determined whether there is an unsent password file, and if yes, proceed to step S730; if not, the global lock is released.
In step S730, the password file is read and sent to the computing node.
In an example embodiment, all currently unsent files are read, n (if less than n, all) password files are extracted and sent to the computing node, where n may be determined according to the processing power of the computing node.
In step S735, the sent file is marked.
In an exemplary embodiment, the files transmitted in step S730 are marked as sent.
In step S740, the global lock is released.
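The data-cache side of fig. 7 (steps S715 to S740), as an added example that is not the patent's own code: several computing nodes concurrently request n files each, and the global lock around "find unsent files, send, mark as sent" guarantees that no password file is dispatched twice and none is missed, while a node that fails authentication receives nothing. Node identifiers, tokens and file names are constructed.

```python
import threading

class PasswordFileServer:
    """Server of the data cache handling one download request at a time
    under the global lock."""

    def __init__(self, files, node_tokens):
        self._unsent = list(files)        # password files not yet sent
        self._sent = {}                   # file name -> node that received it
        self._lock = threading.Lock()     # the global lock of step S720
        self._tokens = dict(node_tokens)  # node id -> expected auth token

    def authenticate(self, node_id, token):
        """Step S715: node identity check (constructed shared-token scheme)."""
        return self._tokens.get(node_id) == token

    def handle_request(self, node_id, token, n):
        """Return up to n unsent files; None when authentication fails (the
        connection would be dropped), [] when nothing is left to send."""
        if not self.authenticate(node_id, token):
            return None
        with self._lock:                         # S720 acquire ... S740 release
            if not self._unsent:                 # S725: no unsent file
                return []
            batch = self._unsent[:n]             # S730: read up to n files
            del self._unsent[:n]
            for f in batch:                      # S735: mark as sent
                self._sent[f] = node_id
            return batch

    def sent_files(self):
        with self._lock:
            return dict(self._sent)

def simulate_nodes(server, node_specs):
    """Run each (node_id, token, n) as a thread that keeps requesting files
    until the server has none left; returns {node_id: [files received]}."""
    received = {nid: [] for nid, _, _ in node_specs}

    def worker(node_id, token, n):
        while True:
            batch = server.handle_request(node_id, token, n)
            if not batch:            # auth failure (None) or nothing left ([])
                return
            received[node_id].extend(batch)

    threads = [threading.Thread(target=worker, args=spec) for spec in node_specs]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return received

# Constructed password file names (task batch + cmdb id) and node credentials.
FILES = [f"batch001_cmdb-{i:04d}.pwd" for i in range(10)]
TOKENS = {"node-a": "tok-a", "node-b": "tok-b"}

def run_demo():
    """Two legitimate nodes with different capacities and one impostor."""
    server = PasswordFileServer(FILES, TOKENS)
    received = simulate_nodes(server, [("node-a", "tok-a", 3),
                                       ("node-b", "tok-b", 2),
                                       ("node-x", "bad-token", 5)])
    return server, received

if __name__ == "__main__":
    _, got = run_demo()
    print(got)
```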
According to the technical scheme in the example embodiment of fig. 7, the password file is downloaded by using a plurality of computing nodes concurrently, so that the scanning efficiency of the password file can be improved.
It is noted that the above-mentioned figures are merely schematic illustrations of processes involved in methods according to exemplary embodiments of the present disclosure and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
Embodiments of the disclosed apparatus are described below, which may be used to perform the above-described weak password detection methods of the present disclosure.
Fig. 8 shows a schematic structural diagram of a weak password detection apparatus according to an embodiment of the present disclosure.
Referring to fig. 8, the weak password detection apparatus 800 includes: a user information obtaining module 810, configured to obtain user information of a plurality of users; a weak password table generating module 820, configured to generate a weak password table based on the user information and the user information splicing rule; and a scanning module 830, configured to scan and detect the user password of the user in the password file based on the weak password table.
In some example embodiments, the weak password table generating module 820 includes: a rule generating unit, used for enumerating word segmentation modes and splicing rules of password character strings in a preset password library and generating a group of user information splicing rules; and a password generating unit, used for extracting corresponding characters from the user information for splicing processing based on the user information splicing rule, to generate a weak password table.
In some example embodiments, the rule generation unit is further configured to: performing word segmentation on the password character strings in the preset password library through natural language processing, and enumerating word segmentation modes of sub character strings of each password character string after word segmentation; performing part-of-speech tagging and part-of-speech generalization processing on the sub-character strings of each password character string after word segmentation, and determining the splicing rule of each password character string; obtaining a password generation rule tree based on the word segmentation mode and the splicing rule of each password character string, wherein the password generation unit is further configured to: and based on the password generation rule tree, extracting corresponding characters from the user information to carry out splicing processing, and generating a weak password table.
In some example embodiments, the apparatus 800 further comprises: a usage frequency determining module, configured to determine a usage frequency of each user information splicing rule in the set of user information splicing rules in the predetermined password library; and the sequencing module is used for sequencing the user information splicing rules in the group of user information splicing rules according to the use frequency.
In some example embodiments, the scanning module 830 is further configured to: acquiring the user password of the user from a password file in a multithreading mode; scanning and comparing the user password according to the weak password table; if the comparison result is consistent, determining that the user password is a weak password; and if the comparison results are not consistent, continuing to perform scanning comparison until the comparison results are consistent or all the weak passwords in the weak password table are scanned completely.
In some example embodiments, the scanning module 830 is further configured to: acquiring user passwords of users in a number corresponding to the computing capacity of each computing node from the password file in a multithreading mode through each computing node in the distributed system; and scanning and comparing the user password through each computing node according to the weak password table.
In some example embodiments, the apparatus 800 further comprises: and the alarm module is used for giving an alarm in a short message mode if the user password is a weak password.
For details not disclosed in the apparatus embodiments of the present disclosure, please refer to the embodiments of the weak password detection method of the present disclosure.
It should be noted that although in the above detailed description several modules or units of the device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by a plurality of modules or units.
Moreover, although the steps of the methods of the present disclosure are depicted in the drawings in a particular order, this does not require or imply that the steps must be performed in this particular order, or that all of the depicted steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions, etc.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a mobile terminal, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, there is also provided a computer storage medium capable of implementing the above method. On which a program product capable of implementing the above-described method of the present specification is stored. In some possible embodiments, various aspects of the present disclosure may also be implemented in the form of a program product including program code for causing a terminal device to perform the steps according to various exemplary embodiments of the present disclosure described in the "exemplary methods" section above of this specification when the program product is run on the terminal device.
The program product may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present disclosure is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product described above may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
In addition, in an exemplary embodiment of the present disclosure, an electronic device capable of implementing the above method is also provided.
As will be appreciated by one skilled in the art, aspects of the present disclosure may be embodied as a system, method or program product. Accordingly, various aspects of the present disclosure may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit", "module" or "system".
An electronic device 900 according to this embodiment of the disclosure is described below with reference to fig. 9. The electronic device 900 shown in fig. 9 is only an example and should not bring any limitations to the functionality or scope of use of the embodiments of the present disclosure.
As shown in fig. 9, the electronic device 900 is embodied in the form of a general purpose computing device. Components of electronic device 900 may include, but are not limited to: the at least one processing unit 910, the at least one memory unit 920, and a bus 930 that couples various system components including the memory unit 920 and the processing unit 910.
The storage unit stores program code which can be executed by the processing unit 910, so that the processing unit 910 executes the steps according to the various exemplary embodiments of the present disclosure described in the "exemplary method" section above in this specification. For example, the processing unit 910 may perform the following steps shown in fig. 2: step S210, obtaining user information of a plurality of users; step S220, generating a weak password table based on the user information and the user information splicing rule; step S230, scanning and detecting the user password of the user in the password file based on the weak password table.
For example, the processing unit 910 may further perform the weak password detection method in the embodiment of the foregoing manner.
The storage unit 920 may include a readable medium in the form of a volatile storage unit, such as a random access memory unit (RAM) 9201 and/or a cache memory unit 9202, and may further include a read only memory unit (ROM) 9203.
Storage unit 920 may also include a program/utility 9204 having a set (at least one) of program modules 9205, such program modules 9205 including but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 930 can be any of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 900 may also communicate with one or more external devices 990 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 900, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 900 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interface 950. Also, the electronic device 900 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet) via the network adapter 960. As shown, the network adapter 960 communicates with the other modules of the electronic device 900 via the bus 930. It should be appreciated that although not shown, other hardware and/or software modules may be used in conjunction with the electronic device 900, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a terminal device, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
Furthermore, the above-described figures are merely schematic illustrations of processes included in methods according to exemplary embodiments of the present disclosure, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

Claims (10)

1. A weak password detection method, the method comprising:
acquiring user information of a plurality of users;
generating a weak password table based on the user information and a user information splicing rule;
and scanning and detecting the user password of the user in the password file based on the weak password table.
2. The method of claim 1, wherein generating a weak password table based on the user information and a user information splicing rule comprises:
enumerating word segmentation modes and splicing rules of password character strings in a preset password library to generate a group of user information splicing rules;
and based on the user information splicing rule, extracting corresponding characters from the user information for splicing processing, and generating a weak password table.
3. The method according to claim 1, wherein enumerating word segmentation modes and concatenation rules of password character strings in a predetermined password library to generate a user information concatenation rule comprises:
performing word segmentation on the password character strings in the preset password library through natural language processing, and enumerating word segmentation modes of sub character strings of each password character string after word segmentation;
performing part-of-speech tagging and part-of-speech generalization processing on the sub-character strings of each password character string after word segmentation, and determining the splicing rule of each password character string;
obtaining a password generation rule tree based on the word segmentation mode and the splicing rule of each password character string,
and wherein, based on the user information splicing rule, extracting corresponding characters from the user information for splicing processing to generate a weak password table comprises:
and based on the password generation rule tree, extracting corresponding characters from the user information to carry out splicing processing, and generating a weak password table.
4. The method of claim 2, further comprising:
determining the use frequency of each user information splicing rule in the group of user information splicing rules in the preset password library;
and sequencing the user information splicing rules in the group of user information splicing rules according to the using frequency.
5. The method according to any one of claims 1 to 4, wherein the scan detecting the user password of the user in the password file based on the weak password table comprises:
acquiring the user password of the user from a password file in a multithreading mode;
scanning and comparing the user password according to the weak password table;
if the comparison result is consistent, determining that the user password is a weak password;
and if the comparison results are not consistent, continuing to perform scanning comparison until the comparison results are consistent or all the weak passwords in the weak password table are scanned completely.
6. The method of claim 5, wherein obtaining the user password of the user from the password file in a multi-threaded manner comprises:
acquiring user passwords of users in a number corresponding to the computing capacity of each computing node from the password file in a multithreading mode through each computing node in the distributed system;
the scanning and comparing the user password according to the weak password table comprises:
and scanning and comparing the user password through each computing node according to the weak password table.
7. The method of claim 5, further comprising:
and if the user password is a weak password, issuing an alarm in the form of a short message (SMS).
8. A weak password detection apparatus, the apparatus comprising:
the user information acquisition module is used for acquiring user information of a plurality of users;
the weak password table generating module is used for generating a weak password table based on the user information and the user information splicing rule;
and the scanning module is used for scanning and detecting the user password of the user in the password file based on the weak password table.
9. A computer-readable medium, on which a computer program is stored, which, when being executed by a processor, carries out the weak password detection method according to any one of claims 1 to 7.
10. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the weak password detection method of any one of claims 1 to 7.
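The following is an added example, not code from the patent or from China Telecom, showing the shape of the method in claims 2 to 7 as a defensive password audit: a fixed set of splicing rules written as templates over atoms derived from user information, rules ordered by how often they explain a password in a reference library (claim 4), a per-user weak password table, a rank-ordered comparison that stops at the first hit (claim 5), a thread pool over the password file (claim 6), and a hook that produces the alarm text (claim 7). The field names, the rule templates, the unsalted SHA-256 storage format and all sample records are constructed assumptions; the patent's rule-tree learning from word segmentation is not reproduced here.

```python
"""Added example (not code from the patent or its assignee): a small
weak-password audit following the shape of claims 2 to 7. Field names,
rule templates and all sample data are constructed assumptions."""
import hashlib
from collections import Counter
from concurrent.futures import ThreadPoolExecutor

# Splicing rules as format templates over atoms derived from user info.
# The patent learns such rules from a preset password library; this
# example fixes the rule set and only learns their ordering (claim 4).
RULES = [
    "{name}{year}",
    "{name}{birth}",
    "{name}123",
    "{name}@{mmdd}",
    "{phone_last4}{year}",
    "{name}{phone_last4}",
]


def derive_fields(user):
    """Expand a raw user record into the atoms the splicing rules refer to."""
    birth = user["birth"]  # assumed format YYYYMMDD
    return {
        "name": user["name"],
        "birth": birth,
        "year": birth[:4],
        "mmdd": birth[4:],
        "phone_last4": user["phone"][-4:],
    }


def rank_rules(rules, reference_library):
    """Order rules by how many library passwords they explain; each entry
    pairs a plaintext with its owner's info. Ties keep the original order."""
    freq = Counter()
    for password, owner in reference_library:
        fields = derive_fields(owner)
        for rule in rules:
            if rule.format(**fields) == password:
                freq[rule] += 1
    return sorted(rules, key=lambda r: (-freq[r], rules.index(r)))


def weak_table(user, ranked_rules):
    """Per-user weak password table as (rule, candidate) pairs, deduplicated."""
    fields = derive_fields(user)
    seen, table = set(), []
    for rule in ranked_rules:
        cand = rule.format(**fields)
        if cand not in seen:
            seen.add(cand)
            table.append((rule, cand))
    return table


def digest(password):
    """Assumption: the audited password file stores unsalted SHA-256 hex.
    A production store should use a salted, slow hash; only this function
    changes, the comparison loop stays the same."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def scan_user(user, stored_hash, ranked_rules):
    """Claim 5 style scan: compare in rank order, stop at the first match.
    Returns the matching rule, never the plaintext, so reports do not leak."""
    for rule, cand in weak_table(user, ranked_rules):
        if digest(cand) == stored_hash:
            return rule
    return None


def scan_password_file(users, password_file, reference_library, workers=4):
    """Scan every (uid, hash) entry on a thread pool; return {uid: rule}."""
    ranked = rank_rules(RULES, reference_library)
    by_uid = {u["uid"]: u for u in users}

    def job(entry):
        uid, stored = entry
        user = by_uid.get(uid)  # unknown uid: nothing to splice, skip
        return uid, (scan_user(user, stored, ranked) if user else None)

    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(job, password_file.items()))
    return {uid: rule for uid, rule in results if rule is not None}


def alarm_messages(findings):
    """Claim 7 hook: one short-message text per weak account (no transport)."""
    return [f"weak password on account {uid}: matches rule {rule}"
            for uid, rule in sorted(findings.items())]


# Constructed sample data (not from the patent).
USERS = [
    {"uid": "u1", "name": "zhangwei", "birth": "19900512", "phone": "13800001234"},
    {"uid": "u2", "name": "liyan", "birth": "19851201", "phone": "13900005678"},
    {"uid": "u3", "name": "sunli", "birth": "19850607", "phone": "13900009999"},
]
REFERENCE_LIBRARY = [
    ("wangfang1988", {"name": "wangfang", "birth": "19880303", "phone": "13700000000"}),
    ("chenjun1992", {"name": "chenjun", "birth": "19920714", "phone": "13600000000"}),
    ("zhaolei123", {"name": "zhaolei", "birth": "19950101", "phone": "13500000000"}),
]
PASSWORD_FILE = {  # uid -> stored hash; u2 uses an unrelated passphrase
    "u1": digest("zhangwei1990"),
    "u2": digest("correct horse battery staple"),
    "u3": digest("99991985"),
}

if __name__ == "__main__":
    for line in alarm_messages(scan_password_file(USERS, PASSWORD_FILE, REFERENCE_LIBRARY)):
        print(line)
```

The scan reports which rule matched rather than the recovered plaintext, which is all an operator needs to act on a finding and keeps the audit output from becoming a credential dump; with a salted hash store, `digest` would take the per-user salt as a second argument and the rest of the loop is unchanged.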

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110672884.5A CN113312610A (en) 2021-06-17 2021-06-17 Weak password detection method, device, medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110672884.5A CN113312610A (en) 2021-06-17 2021-06-17 Weak password detection method, device, medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN113312610A true CN113312610A (en) 2021-08-27

Family

ID=77379186

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110672884.5A Pending CN113312610A (en) 2021-06-17 2021-06-17 Weak password detection method, device, medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN113312610A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113779553A (en) * 2021-09-01 2021-12-10 中国银行股份有限公司 Password verification method and device, electronic equipment and storage medium
CN114666146A (en) * 2022-03-30 2022-06-24 中国农业银行股份有限公司 Weak password scanning method, device and equipment
CN114666146B (en) * 2022-03-30 2024-07-09 中国农业银行股份有限公司 Weak password scanning method, device and equipment
CN116319089A (en) * 2023-05-17 2023-06-23 北京源堡科技有限公司 Dynamic weak password detection method, device, computer equipment and medium
CN116319089B (en) * 2023-05-17 2023-08-11 北京源堡科技有限公司 Dynamic weak password detection method, device, computer equipment and medium

Similar Documents

Publication Publication Date Title
US20220308942A1 (en) Systems and methods for censoring text inline
US20190005121A1 (en) Method and apparatus for pushing information
US8631498B1 (en) Techniques for identifying potential malware domain names
US11068583B2 (en) Management of login information affected by a data breach
US11503070B2 (en) Techniques for classifying a web page based upon functions used to render the web page
CN112712902B (en) Infectious disease infection probability prediction method and device, storage medium, and electronic device
US9355250B2 (en) Method and system for rapidly scanning files
CN110213207B (en) Network security defense method and equipment based on log analysis
CN107506256B (en) Method and device for monitoring crash data
CN113312610A (en) Weak password detection method, device, medium and electronic equipment
CN104598815A (en) Identification method and device of malicious advertisement program and client side
CN110825941A (en) Content management system identification method, device and storage medium
CN110704390B (en) Method, device, electronic equipment and medium for acquiring server maintenance script
US20240095289A1 (en) Data enrichment systems and methods for abbreviated domain name classification
CN112231696B (en) Malicious sample identification method, device, computing equipment and medium
CN110955890A (en) Method and device for detecting malicious batch access behaviors and computer storage medium
CN110737820A (en) Method and apparatus for generating event information
US20220405472A1 (en) Intent classification using non-correlated features
CN114443802A (en) Interface document processing method and device, electronic equipment and storage medium
CN114765599A (en) Sub-domain name acquisition method and device
CN113760568A (en) Data processing method and device
Liu et al. A Feasible Chinese Text Data Preprocessing Strategy
JP4861265B2 (en) Pattern definition generation program
US20240037157A1 (en) Increasing security of a computer program using unstructured text
US20230308369A1 (en) Data migration in application performance monitoring

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination