CN115086008A - Method and device for realizing password security protection, storage medium and electronic equipment - Google Patents


Info

Publication number
CN115086008A
Authority
CN
China
Prior art keywords
password
hash
value
salt
salt value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210662142.9A
Other languages
Chinese (zh)
Other versions
CN115086008B (en)
Inventor
刘鹏
方恒禄
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Xinchangcheng Technology Development Co ltd
Xinchangcheng Shanghai Technology Co ltd
Original Assignee
Beijing Xinchangcheng Technology Development Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Xinchangcheng Technology Development Co ltd
Priority to CN202210662142.9A
Publication of CN115086008A
Application granted
Publication of CN115086008B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Abstract

The invention provides a method and a device for realizing password security protection, comprising password hash generation and password hash verification. A dynamic salt-setting technique determines the specific positions at which the salt value is inserted into the password jointly from a setting rule, the password original text and the like, so that an attacker cannot acquire the password original text from the combined data of the password original text and the salt value. The method and the device enhance the capability of the password protection scheme to resist attack types such as rainbow table attacks and brute-force dictionary attacks, thereby improving the security strength of the password protection.

Description

Method and device for realizing password security protection, storage medium and electronic equipment
Technical Field
The invention belongs to the technical field of information security and passwords, and particularly relates to a method and a device for realizing password security protection.
Background
Account-and-password authentication is still the main way of authenticating users in current services such as electronic commerce, electronic payment and mobile office. This authentication mode is simple and convenient, but protecting the password securely is a great challenge. The current mainstream password protection methods are as follows:
Plaintext password: the password is stored in the database directly in the clear. This way of handling passwords offers extremely low security: once an attacker obtains database access, the attacker can directly obtain users' passwords.
Password protection based on key encryption: the password is stored in the database after being encrypted with an encryption key. If the attacker cannot acquire the encryption key or invoke it for decryption, this method has high security; if the attacker can acquire the encryption key or invoke it for decryption, the user's password can also be obtained.
Password protection based on a hash value: the hash value of the password is calculated and then stored. Because a hash algorithm is one-way, even if an attacker obtains the hash value of the password from the database, the attacker cannot deduce the password from it, so the security of password storage is enhanced to a great extent. But this method is vulnerable to rainbow table attacks. The attacker pre-computes a large number of password hash values and stores them in a database, which becomes a rainbow table. If the password database is leaked, the hash value can be looked up in the rainbow table and the matching password found.
Password protection based on a salted hash value: the password is combined with a salt value, and the hash value of the combination is stored. The direct password hash calculation H(password) becomes a hash over the combined password and salt value, in forms such as H(salt || password) or H(password || salt), where H() denotes the hash function and || denotes string concatenation. With the salt value introduced, even the hash of a weak password combined with the salt value is unlikely to appear in a rainbow table, so the risk of a rainbow table attack is greatly reduced and the security is higher than that of password protection based on a plain hash value.
Where key-encrypted storage is not trusted, password protection based on the salted hash value is currently the most secure. However, current salted hash value schemes have two main disadvantages:
Low-quality salt data makes the generated hash value easy to hit with a rainbow table: some salted hash schemes use a fixed salt value. If the password database uniformly uses one fixed salt value, an attacker can regenerate a rainbow table for that salt value from the fixed salt value and an existing rainbow table, and then crack passwords using the new rainbow table. Most salted hash schemes also do not check the quality of the salt value, so the hash value obtained from the combined password and salt value can easily appear in a rainbow table, and the password is then cracked from the rainbow table.
A fixed salt-setting strategy makes the password original text easy to obtain from the combined data of the password original text and the salt value: a fixed salt-setting strategy means that the specific position at which the salt value is inserted into the password depends only on the setting rule, for example the salt value is inserted before the password character string, after it, or in the middle of it. Under a fixed salt-setting strategy, once an attacker acquires the combined data of the password original text and the salt value (for example, because the hash value of the combined data happens to be hit by a rainbow table), the password original text can easily be extracted from the combined data.
In view of this, a method and an apparatus for implementing password security protection are needed to improve the security strength of password protection.
Disclosure of Invention
Therefore, the invention provides a method and a device for realizing password security protection, which enhance the capability of a password protection scheme to resist attack types such as rainbow table attacks and brute-force dictionary attacks, thereby improving the security strength of password protection.
The method for realizing the password security protection comprises password hash generation and password hash verification;
the password hash generation specifically comprises the following steps:
S1, inputting password data, generating a salt value length for the password within a predefined salt value length range, and randomly generating a salt value of that length;
S2, judging the salt value according to a predefined salt value quality judgment strategy;
if the salt value does not meet the judgment requirement, the generation of the salt value length and the salt value in step S1 is repeated until the salt value meets the judgment requirement;
if the salt value meets the judgment requirement, executing the next step;
S3, setting the salt value into the password character string to generate a password hash original text;
the setting strategy is as follows: calculate the hash value hp of the password and the hash value hs = H(salt) of the salt value, then XOR the lowest bit of each byte of the L-byte password hash value with the lowest bit of the corresponding byte of the L-byte salt hash value to obtain a bit string $b_1 b_2 \ldots b_L$ of length L bits;
if $b_i$ is 0, no salt character is placed in the password at that position;
if $b_i$ is 1, a salt character is placed in the password at that position;
if unused salt value characters remain when the last character position of the password has been processed, the remaining salt value characters are appended to the end of the password;
S4, generating a password hash value according to the iterative hash strategy and the password hash original text;
S5, outputting a password salt value and a password hash value;
the password hash verification specifically comprises the following steps:
S1a, inputting a password, a password salt value and a password hash value;
S2a, setting the salt value into the password data through the setting strategy in the step S4 to obtain a password original text;
S3a, selecting a hash algorithm, and generating a final hash value according to the iterative hash strategy of the step S4 in the hash generation;
S4a, if the final hash value in the step S3a is the same as the password hash value in the step S1a, the verification is passed;
if not, the verification fails.
Further, in the step S1 of generating the hash, the predefined salt length ranges from 10 to the hash length L.
Further, in the step S1 of generating the hash, a random bit generator is used to generate a salt value.
Further, in the step S2 of generating the hash, the salt value quality judgment strategy includes:
the combined data of the password and the salt value is not all digits;
the combined data of the password and the salt value is not all letters;
the combined data of the password and the salt value is not all special characters.
Further, in the step S4 of generating the hash and the step S3a of verifying the hash, the iteration strategy specifically includes:
a hash algorithm and a number of iterations;
the number of iterations is the last byte of the password hash value taken modulo 30, plus 2, so that the number of iterations is between 2 and 32.
The invention also provides a password security protection device, comprising:
the salt value generating unit is used for randomly generating salt value length for the input password according to a predefined salt value length range and randomly generating a salt value according to the salt value length;
the salt value quality monitoring unit is used for judging whether the salt value meets the requirement according to a salt value quality judgment strategy;
the salt value setting unit is used for setting the salt value into the password character string according to a setting strategy to generate a Hash original text;
and the password hash generation and verification unit is used for generating hash value data according to the iterative hash strategy and the password hash original text.
The invention also provides a computer storage medium, which stores a computer program for executing the implementation method of password security protection.
The invention also provides an electronic device, which comprises a processor, a memory for storing the executable instructions of the processor and a device for realizing the password security protection;
the processor is used for executing the implementation method of the password security protection of any one of the claims 1 to 5.
Compared with the prior art, the technical scheme of the invention has the following advantages:
The method reduces the hit probability of a rainbow table by means of dynamic salt value generation, salt value quality detection, iterative hashing and the like. In addition, through the dynamic salt-setting technique, in which the specific position at which the salt value is inserted into the password is jointly determined by the setting rule, the password original text and the like, an attacker cannot acquire the password original text from the combined data of the password original text and the salt value. The capability of the password protection scheme to resist attacks such as rainbow table attacks and brute-force dictionary attacks is thereby greatly enhanced, and the security strength of password protection is greatly improved.
Drawings
Fig. 1 is a schematic flowchart of password hash generation according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of password hash verification according to an embodiment of the present invention;
Fig. 3 is a block diagram of a password security protection device according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of module connection of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings, and it should be understood that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc., indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplicity of description, but do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
The embodiment provides a method and a device for realizing password security protection.
The method for realizing high-strength password security protection by fusing technologies such as salt value dynamic generation, salt value quality detection, salt value dynamic setting, iterative hash calculation and the like mainly comprises two processes: a password hash value generation process and a password hash value verification process.
As shown in fig. 1, the process of generating the cryptographic hash value is as follows:
The user inputs password data password as the external input for calculating the password hash value; the password value is the character string "fuzamima". The salt value generation unit randomly generates a salt value length within a predefined salt value length range and randomly generates a salt value salt of that length. The generated salt value has a length of 12 and the corresponding string is "3D*8m%15&kp!".
The salt value quality detection unit judges whether the salt value meets the requirement according to the salt value quality judgment strategy. The password original text "fuzamima" and the salt value "3D*8m%15&kp!" meet the salt value quality requirement.
Since the salt value meets the quality requirement, the subsequent steps continue to be executed.
The salt value setting unit sets the salt value into the password character string according to the setting strategy to generate the password hash original text data.
Specifically: the SM3 hash value of the password "fuzamima" (corresponding to hexadecimal 0x66757a616D696D61) is hp = 0x35cd3fc6a5c58b7e8abf5179c0ad76b168e65ac343c92b6ab7259D706512D2bc, and the SM3 hash value of the salt value "3D*8m%15&kp!" (corresponding to hexadecimal 0x33442a386d253135266b7021) is hs = 0x740b2bc1eb2c168e1ed29aaab52dc8f9089cebba67d68d9d67d9c76c995e4a6c. The lowest bit of each byte of the 32-byte password hash value is then XORed with the lowest bit of the corresponding byte of the 32-byte salt hash value, giving the 32-bit string $b_1 b_2 \ldots b_L$ = 10010110011110000011010100000000. If $b_i$ is 0, no salt character is placed in the password at that position. If $b_i$ is 1, a salt character is placed in the password at that position. If unused salt characters remain when the last character of the password has been placed, the remaining salt characters are appended to the end of the password. The resulting hash original text data is "f3uzaDmi*m8am%15&kp!".
The password hash generation and verification unit generates hash value data according to the iterative hash strategy and the password hash original text. The iterative hash strategy comprises a hash algorithm and a number of iterations; the number of iterations is obtained by taking the last byte 0xbc of the hash value hp of the original password modulo 30 and then adding 2, which gives 10. Ten rounds of iterative hashing are performed on the hash original text data formed in step (5), giving the final hash value h = 0xdf48baeaea878513ca6c32a69483782aeeb7766aaf03ff3aee8c6701529b993c.
The password safety protection device outputs the final password salt value and the password hash value data.
As shown in fig. 2, the process of verifying the hash value of the password in the password security protection method provided in this embodiment includes the following steps:
Input the user password "fuzamima", the password salt value "3D*8m%15&kp!" and the password hash value data 0xdf48baeaea878513ca6c32a69483782aeeb7766aaf03ff3aee8c6701529b993c;
The salt value setting unit sets the salt value into the password character string according to the setting strategy to generate the password hash original text data. Specifically: the SM3 hash value of the password "fuzamima" (corresponding to hexadecimal 0x66757a616D696D61) is hp = 0x35cd3fc6a5c58b7e8abf5179c0ad76b168e65ac343c92b6ab7259D706512D2bc, and the SM3 hash value of the salt value "3D*8m%15&kp!" (corresponding to hexadecimal 0x33442a386d253135266b7021) is hs = 0x740b2bc1eb2c168e1ed29aaab52dc8f9089cebba67d68d9d67d9c76c995e4a6c. The lowest bit of each byte of the 32-byte password hash value is then XORed with the lowest bit of the corresponding byte of the 32-byte salt hash value, giving the 32-bit string $b_1 b_2 \ldots b_L$ = 10010110011110000011010100000000. If $b_i$ is 0, no salt character is placed in the password at that position. If $b_i$ is 1, a salt character is placed in the password at that position. If unused salt characters remain when the last character of the password has been placed, the remaining salt characters are appended to the end of the password. The resulting hash original text data is "f3uzaDmi*m8am%15&kp!".
The password hash generation and verification unit selects a hash algorithm and generates hash value data according to the iterative hash strategy and the password hash original text. The iterative hash strategy comprises a hash algorithm and a number of iterations; the number of iterations is the last byte of the original password hash value hp taken modulo 30, plus 2, which ensures that the number of iterations n is between 2 and 32. Then n rounds of iterative hashing are performed on the hash original text data, giving the final hash value h' = 0xdf48baeaea878513ca6c32a69483782aeeb7766aaf03ff3aee8c6701529b993c. The hash values h and h' are identical.
When the hash values h and h' are identical, password verification success is output.
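The generation and verification flows described above, as an added Python example (not code from the patent or its applicants): it reproduces the bit string, salt placement and iteration count of the worked example from the SM3 digests quoted in the description, then runs generation and verification end to end. Assumptions: SHA-256 stands in for SM3 in the end-to-end part, each iteration round re-hashes the previous digest, salt characters are printable ASCII, and all function names are illustrative.

```python
import hashlib
import hmac
import secrets
import string

# Values quoted in the description's worked example (hex strings taken from the page).
PAGE_PASSWORD = bytes.fromhex("66757a616d696d61").decode()
PAGE_SALT = bytes.fromhex("33442a386d253135266b7021").decode()
PAGE_HP = bytes.fromhex("35cd3fc6a5c58b7e8abf5179c0ad76b168e65ac343c92b6ab7259d706512d2bc")
PAGE_HS = bytes.fromhex("740b2bc1eb2c168e1ed29aaab52dc8f9089cebba67d68d9d67d9c76c995e4a6c")

# Assumption: salt characters are printable ASCII, as in the page's example salt.
SALT_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def H(data: bytes) -> bytes:
    """Stand-in hash (SHA-256). The description uses SM3."""
    return hashlib.sha256(data).digest()


def placement_bits(hp: bytes, hs: bytes) -> str:
    """S3: XOR the lowest bit of each byte of hp with that of hs, giving b_1..b_L."""
    return "".join(str((p ^ s) & 1) for p, s in zip(hp, hs))


def place_salt(password: str, salt: str, bits: str) -> str:
    """S3: after password character i, insert the next salt character when b_i is 1.
    Salt characters still unused after the last password character are appended.
    Assumption: positions beyond the L available bits receive no salt character."""
    out, k = [], 0
    for i, ch in enumerate(password):
        out.append(ch)
        if i < len(bits) and bits[i] == "1" and k < len(salt):
            out.append(salt[k])
            k += 1
    out.append(salt[k:])
    return "".join(out)


def iteration_count(hp: bytes) -> int:
    """S4: last byte of the password hash modulo 30, plus 2."""
    return hp[-1] % 30 + 2


def salt_quality_ok(password: str, salt: str) -> bool:
    """S2: the combined data must not be all digits, all letters or all special characters."""
    combined = password + salt
    all_special = all(not c.isalnum() for c in combined)
    return not (combined.isdigit() or combined.isalpha() or all_special)


def new_salt(password: str, hash_len: int = 32) -> str:
    """S1/S2: random length in [10, L], random characters, regenerated until S2 passes."""
    while True:
        length = 10 + secrets.randbelow(hash_len - 10 + 1)
        salt = "".join(secrets.choice(SALT_ALPHABET) for _ in range(length))
        if salt_quality_ok(password, salt):
            return salt


def password_hash(password: str, salt: str) -> bytes:
    """S3 and S4 for a given password and salt."""
    hp, hs = H(password.encode()), H(salt.encode())
    digest = place_salt(password, salt, placement_bits(hp, hs)).encode()
    for _ in range(iteration_count(hp)):  # assumption: round k hashes the output of round k-1
        digest = H(digest)
    return digest


def generate(password: str):
    """S1 to S5: returns (salt, hash) for storage."""
    salt = new_salt(password)
    return salt, password_hash(password, salt)


def verify(password: str, salt: str, stored: bytes) -> bool:
    """S1a to S4a: recompute from the submitted password and stored salt, compare in constant time."""
    return hmac.compare_digest(password_hash(password, salt), stored)


if __name__ == "__main__":
    bits = placement_bits(PAGE_HP, PAGE_HS)
    print(bits, place_salt(PAGE_PASSWORD, PAGE_SALT, bits), iteration_count(PAGE_HP))
    salt, stored = generate(PAGE_PASSWORD)
    print(verify(PAGE_PASSWORD, salt, stored), verify("wrong-guess", salt, stored))
```

Verification (S2a) recomputes the placement from the submitted password and the stored salt, so the bit string itself is never stored.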
The implementation apparatus for password security protection in this embodiment, as shown in fig. 3, includes a salt value generation unit, a salt value quality detection unit, a salt value setting unit, and a password hash generation and verification unit; the functions of the units are as set forth in the implementation method for password security protection in this embodiment.
The method and the device in this embodiment greatly increase the complexity of the hash original text and of the output hash value through techniques such as dynamic salt value generation, salt value quality detection and iterative hashing, thereby greatly reducing the hit probability of a rainbow table compared with other password protection methods. Through the dynamic salt-setting technique, the specific position at which the salt value is inserted into the password is determined by the setting rule, the password original text and the like, whereas in other password methods it is determined only by the setting rule. In this embodiment, the specific position at which the salt value is inserted into the password is strongly associated with the unknown password plaintext, and even if an attacker obtains the system source code and knows the setting rule, the attacker cannot obtain the specific position at which the salt value is inserted into the password, so the password plaintext cannot be obtained. Therefore, this embodiment has strong capability of resisting attacks such as rainbow table attacks and brute-force dictionary attacks, and the password security protection method of this embodiment has higher security than plaintext passwords, hash-based password protection methods, other password protection methods based on salted hashes, and the like.
Next, an electronic apparatus according to an embodiment of the present application is described with reference to fig. 4. The electronic device may be either or both of the first device and the second device, or a stand-alone device separate from them, which stand-alone device may communicate with the first device and the second device to receive the acquired input signals therefrom.
FIG. 4 shows a block diagram of an electronic device according to an embodiment of the application.
As shown in fig. 4, the electronic device 10 includes one or more processors 11 and memory 12.
The processor 11 may be a Central Processing Unit (CPU) or other form of processing unit having data processing capabilities and/or instruction execution capabilities, and may control other components in the electronic device 10 to perform desired functions.
Memory 12 may include one or more computer program products that may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, Random Access Memory (RAM), cache memory (cache), and/or the like. The non-volatile memory may include, for example, Read Only Memory (ROM), hard disk, flash memory, etc. One or more computer program instructions may be stored on the computer-readable storage medium and executed by the processor 11 to implement the implementation method of the cryptographic security protection in the embodiment described above and/or other desired functions. Various contents such as an input signal, a signal component, a noise component, etc. may also be stored in the computer-readable storage medium.
In one example, the electronic device 10 may further include: an input device 13 and an output device 14, which are interconnected by a bus system and/or other form of connection mechanism (not shown).
When the electronic device is a stand-alone device, the input means 13 may be a communication network connector for receiving the acquired input signals from the first device and the second device.
The input device 13 may also include, for example, a keyboard, a mouse, and the like.
The output device 14 may output various information including the determined distance information, direction information, and the like to the outside. The output devices 14 may include, for example, a display, speakers, a printer, and a communication network and its connected remote output devices, among others.
Of course, for simplicity, only some of the components of the electronic device 10 relevant to the present application are shown in fig. 4, omitting components such as buses, input/output interfaces, and the like. In addition, the electronic device 10 may include any other suitable components depending on the particular application.
In addition to the above-described methods and apparatus, embodiments of the present application may also be a computer program product comprising computer program instructions that, when executed by a processor, cause the processor to perform the steps in a method of implementing cryptographic security protection according to various embodiments of the present application described in the "exemplary methods" section of this specification above.
The computer program product may be written with program code for performing the operations of embodiments of the present application in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, embodiments of the present application may also be a computer-readable storage medium having stored thereon computer program instructions that, when executed by a processor, cause the processor to perform the steps in a method of implementing cryptographic security protection according to various embodiments of the present application described in the "exemplary methods" section above in this specification.
The computer-readable storage medium may take any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may include, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
It should be understood that the above examples are only for clarity of illustration and are not intended to limit the embodiments. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. And are neither required nor exhaustive of all embodiments. And obvious variations or modifications therefrom are within the scope of the invention.

Claims (8)

1. A method for realizing password security protection, characterized by comprising the steps of generating a password hash and verifying the password hash;
the password hash generation specifically comprises the following steps:
S1, inputting password data, generating a salt length for the password within a predefined salt length range, and randomly generating a salt value according to the salt length;
S2, judging the salt value according to a predefined salt value quality judgment strategy;
if the salt value does not meet the judgment requirement, the generation of the salt length and the salt value in step S1 is repeated until the salt value meets the judgment requirement;
if the salt value meets the judgment requirement, executing the next step;
S3, setting the salt value into the password character string to generate a password hash original text;
the setting strategy used when setting is as follows: calculating the hash value hp of the password and the hash value hs = h(salt) of the salt value, and then performing an exclusive-or operation on the lowest bit of each byte of the L-byte password hash value and the lowest bit of each byte of the L-byte salt hash value to obtain a bit string $b_1 b_2 \ldots b_L$ of length L bits;
if $b_i$ is 0, no salt character is placed in the password at that position;
if $b_i$ is 1, a salt character is placed in the password at that position;
if unused salt characters remain once the last character position of the password has been handled, the remaining salt characters are appended to the end of the password;
S4, generating a password hash value according to the iterative hash strategy and the password hash original text;
S5, outputting a password salt value and a password hash value;
the password hash verification specifically comprises the following steps:
S1a, inputting a password, a password salt value and a password hash value;
S2a, setting the salt value into the password data through the setting strategy in the step S4 to obtain a password original text;
S3a, selecting a hash algorithm, and generating a final hash value according to the iterative hash strategy of the step S4 in the hash generation;
S4a, if the final hash value in the step S3a is the same as the password hash value in the step S1a, the verification is passed;
if not, the verification fails.
2. The method for realizing password security protection of claim 1, wherein in the step S1 of hash generation, the predefined salt length is in the range of 10 to the hash length L.
3. The method for realizing password security protection of claim 1, wherein in the step S1 of hash generation, a random bit generator is used to generate the salt value.
4. The method for realizing password security protection according to claim 3, wherein in the step S2 of hash generation, the salt value quality judgment strategy includes:
the combined data of the password and the salt value is not all digits;
the combined data of the password and the salt value is not all letters;
the combined data of the password and the salt value is not all special characters.
5. The method for realizing password security protection according to claim 1, wherein in the step S4 of hash generation and the step S3a of hash verification, the iterative hash strategy specifically includes:
a hash algorithm and a number of iterations;
and the number of iterations is obtained by taking the last byte of the password hash value modulo 30 and adding 2, so that the number of iterations is 2-32.
6. An apparatus for implementing password security protection, comprising:
the salt value generating unit is used for randomly generating salt value length for the input password according to a predefined salt value length range and randomly generating a salt value according to the salt value length;
the salt value quality monitoring unit is used for judging whether the salt value meets the requirement according to a salt value quality judgment strategy;
the salt value setting unit is used for setting the salt value into the password character string according to a setting strategy to generate a Hash original text;
and the password hash generation and verification unit is used for generating hash value data according to the iterative hash strategy and the password hash original text.
7. A computer storage medium, characterized in that the storage medium stores a computer program for executing the method for realizing password security protection according to any one of claims 1 to 5.
8. An electronic device comprising a processor and a memory for storing instructions executable by the processor, wherein the processor is configured to perform the method for realizing password security protection according to any one of claims 1 to 5.
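The generation and verification steps of claims 1 to 5, sketched in Python as an added example (not code from the patent). SHA-256, the printable-ASCII salt alphabet, inserting each salt character before the password character at a selected position, and reading the iteration count as the last byte of hp modulo 30 plus 2 are assumptions where the claims leave the detail open.

```python
import hashlib
import secrets
import string

HASH = hashlib.sha256  # assumption: claim 5 leaves the hash algorithm open
L = HASH().digest_size  # hash length L in bytes (32 for SHA-256)
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # assumed

def salt_ok(password, salt):
    """Claim 4: password+salt must not be all digits, all letters or all specials."""
    data = password + salt
    return not (data.isdigit() or data.isalpha()
                or all(c in string.punctuation for c in data))

def new_salt(password):
    """S1/S2: random length in [10, L]; regenerate until the quality check passes."""
    while True:
        n = 10 + secrets.randbelow(L - 9)
        salt = "".join(secrets.choice(ALPHABET) for _ in range(n))
        if salt_ok(password, salt):
            return salt

def place_salt(password, salt):
    """S3: b_i = LSB(hp[i]) XOR LSB(hs[i]); b_i = 1 puts a salt char at position i."""
    hp = HASH(password.encode()).digest()
    hs = HASH(salt.encode()).digest()
    bits = [(p ^ s) & 1 for p, s in zip(hp, hs)]
    out, rest = [], list(salt)
    for i, ch in enumerate(password):
        if i < L and bits[i] and rest:
            out.append(rest.pop(0))  # assumption: salt char goes before password char
        out.append(ch)
    return "".join(out + rest)  # leftover salt characters go to the tail

def iterations(password):
    """Claim 5: last byte of the password hash modulo 30, plus 2 (assumed reading)."""
    return HASH(password.encode()).digest()[-1] % 30 + 2

def hash_password(password, salt=None):
    """S1-S5: return (salt, hex digest of the iterated hash)."""
    salt = salt or new_salt(password)
    digest = place_salt(password, salt).encode()
    for _ in range(iterations(password)):
        digest = HASH(digest).digest()
    return salt, digest.hex()

def verify_password(password, salt, expected_hex):
    """S1a-S4a: rebuild the hash from password and stored salt, then compare."""
    return secrets.compare_digest(hash_password(password, salt)[1], expected_hex)
```

With at most a few dozen rounds of a fast hash, the cost of each password guess stays low; dedicated password-hashing functions such as Argon2id, scrypt, bcrypt or PBKDF2 exist to make that cost tunable.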
CN202210662142.9A 2022-06-13 2022-06-13 Method and device for realizing password security protection, storage medium and electronic equipment Active CN115086008B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210662142.9A CN115086008B (en) 2022-06-13 2022-06-13 Method and device for realizing password security protection, storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210662142.9A CN115086008B (en) 2022-06-13 2022-06-13 Method and device for realizing password security protection, storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN115086008A true CN115086008A (en) 2022-09-20
CN115086008B CN115086008B (en) 2024-02-09

Family

ID=83251307

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210662142.9A Active CN115086008B (en) 2022-06-13 2022-06-13 Method and device for realizing password security protection, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN115086008B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115906055A (en) * 2023-01-31 2023-04-04 江苏金盾检测技术股份有限公司 Password evaluation method and system with automatic calibration function based on password library comparison

Also Published As

Publication number Publication date
CN115086008B (en) 2024-02-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20231103

Address after: A1501, 15 / F, No. 22, Zhongguancun Street, Haidian District, Beijing 100089

Applicant after: Beijing xinchangcheng Technology Development Co.,Ltd.

Applicant after: Xinchangcheng (Shanghai) Technology Co.,Ltd.

Address before: A1501, 15 / F, No. 22, Zhongguancun Street, Haidian District, Beijing 100089

Applicant before: Beijing xinchangcheng Technology Development Co.,Ltd.

GR01 Patent grant