CN115086008B - Method and device for realizing password security protection, storage medium and electronic equipment - Google Patents

Publication number: CN115086008B
Authority: CN (China)
Prior art keywords: password, hash, value, salt, salt value
Legal status: Active
Application number: CN202210662142.9A
Other languages: Chinese (zh)
Other versions: CN115086008A (en)
Inventors: 刘鹏, 方恒禄
Current Assignee: Beijing Xinchangcheng Technology Development Co ltd; Xinchangcheng Shanghai Technology Co ltd
Original Assignee: Xinchangcheng Shanghai Technology Co ltd; Beijing Xinchangcheng Technology Development Co ltd

Classifications

    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Abstract

The invention provides a method and a device for realizing password security protection, comprising password hash generation and password hash verification. Through a dynamic salt placement technique, in which the specific positions at which the salt is inserted into the password are jointly determined by the placement rule, the password original text and the like, an attacker is unable to obtain the password original text from the combined data of the password original text and the salt value. The method and device strengthen the ability of the password protection scheme to resist attacks such as rainbow table attacks and brute-force dictionary attacks, thereby increasing the security strength of password protection.

Description

Method and device for realizing password security protection, storage medium and electronic equipment
Technical Field
The invention belongs to the technical field of information security and passwords, and particularly relates to a method and a device for realizing password security protection.
Background
Authentication based on account names and passwords is still the main method for authenticating users in current services such as electronic commerce, electronic payment and mobile office. Account/password authentication is simple and convenient, but the security protection of the password faces a great challenge. The current mainstream password protection modes are as follows:
Plaintext password: the password is stored in the database directly in plaintext. The security of this mode is extremely low: once an attacker obtains access to the database, the attacker can directly obtain the users' passwords.
Password protection based on key encryption: the password is encrypted with an encryption key and then stored in the database. If the attacker cannot obtain the encryption key or invoke it to decrypt, this mode has high security; if the attacker can obtain the encryption key or invoke it to decrypt, the users' passwords can also be obtained.
Password protection based on hash values: the hash value of the password is calculated and stored. Because a hash algorithm is one-way, even if an attacker obtains the hash value of a password from the database, the password cannot be deduced from the hash value, so the security of password storage is greatly enhanced. However, this mode is vulnerable to rainbow table attacks. An attacker precomputes the hash values of a large number of passwords and stores them in a database, which is called a rainbow table. If the password database is leaked, the hash value can be looked up in the rainbow table and the matching password found.
Password protection based on salted hash values: the password is combined with a salt value, and the hash value of the combination is stored. That is, the direct password hash calculation H(password) is replaced by a hash over the combination of password and salt, in forms such as H(password ‖ salt) or H(salt ‖ password), where H() denotes the hash function and ‖ denotes string concatenation. With the salt value introduced, the hash value of even a weak password combined with a salt is unlikely to appear in a rainbow table, so the risk of a rainbow table attack is greatly reduced, and this mode is more secure than the mode based on plain hash values.
Where storage does not rely on key encryption, password protection based on salted hash values is currently the most secure mode. However, current salted hash schemes have two main disadvantages:
Low-quality salt data makes the hash value easy to hit in a rainbow table: if the password database uniformly uses a fixed salt value, an attacker can regenerate a rainbow table for that fixed salt value from the salt value and an existing rainbow table, and then crack passwords with the new rainbow table. Most salted hash schemes do not check the quality of the salt value, so the hash value of the combined password and salt can easily appear in a rainbow table, and the password is then cracked using the rainbow table.
A fixed salt placement strategy makes it easy to obtain the password original text from the combined data of the password original text and the salt value: a fixed salt placement strategy means that the specific position at which the salt is inserted into the password depends only on the placement rule, such as inserting the salt in front of the password string, behind the password string, or in the middle of the password string. Under a fixed salt placement strategy, once an attacker obtains the combined data of the password original text and the salt value (for example, when the hash value of the combined data happens to be hit by a rainbow table), the password original text is easily obtained from the combined data.
In view of this, a method and a device for realizing password security protection are needed to improve the security strength of password protection.
Disclosure of Invention
Therefore, the invention provides a method and a device for realizing password security protection, which strengthen the ability of a password protection scheme to resist attacks such as rainbow table attacks and brute-force dictionary attacks, thereby increasing the security strength of password protection.
The implementation method of password security protection provided by the invention comprises password hash generation and password hash verification.
The password hash generation specifically comprises the following steps:
S1, inputting password data, generating a salt value length for the password within a predefined salt value length range, and randomly generating a salt value of that length;
S2, judging the salt value according to a predefined salt value quality judgment strategy;
if the salt value does not meet the judging requirement, repeating the generation of the salt value length and the salt value in step S1 until the salt value meets the judging requirement;
if the salt value meets the judging requirement, executing the next step;
S3, setting the salt value into the password character string to generate a password hash original text;
the setting strategy is: calculating the hash value hp = H(password) of the password and the hash value hs = H(salt) of the salt value, and XORing the lowest bit of each byte of the L-byte password hash value with the lowest bit of the corresponding byte of the L-byte salt hash value to obtain an L-bit string b_1b_2…b_L;
if b_i is 0, no salt character is placed in the password at that position;
if b_i is 1, a salt character is placed in the password at that position;
if unused salt characters remain when the last character position of the password has been processed, the remaining salt characters are appended to the end of the password;
S4, generating a password hash value according to the iterative hash strategy and the password hash original text;
S5, outputting the password salt value and the password hash value.
The password hash verification specifically comprises the following steps:
S1a, inputting a password, a password salt value and a password hash value;
S2a, setting the salt value into the password data through the setting strategy in the step S4 to obtain a password hash original text;
S3a, selecting a hash algorithm, and generating a final hash value according to the iterative hash strategy of step S4 in the hash generation;
S4a, if the final hash value in step S3a is the same as the password hash value in step S1a, the verification succeeds;
if they are different, the verification fails.
Further, in step S1 of the hash generation, the predefined salt value length range is from 10 to the hash value length L.
Further, in step S1 of the hash generation, a random bit generator is used to generate the salt value.
Further, in step S2 of the hash generation, the salt value quality judgment strategy includes:
the combined data of the password and the salt value is not all digits;
the combined data of the password and the salt value is not all letters;
the combined data of the password and the salt value is not all special characters.
Further, in step S4 of the hash generation and step S3a of the hash verification, the iterative hash strategy specifically includes:
a hash algorithm and a number of iterations;
the number of iterations is obtained by taking the last byte of the password hash value modulo 30 and then adding 2, so that the number of iterations is 2-32.
The invention also provides a password security protection device, which comprises:
a salt value generation unit, used for randomly generating a salt value length for an input password within a predefined salt value length range and randomly generating a salt value of that length;
a salt value quality detection unit, used for judging whether the salt value meets the requirement according to the salt value quality judgment strategy;
a salt value setting unit, used for setting the salt value into the password character string according to the setting strategy to generate a password hash original text;
a password hash generation and verification unit, used for generating hash value data according to the iterative hash strategy and the password hash original text.
The invention also provides a computer storage medium storing a computer program, the computer program being used for executing the implementation method of password security protection.
The invention also provides electronic equipment, which comprises a processor, a memory for storing instructions executable by the processor, and a device for realizing the password security protection;
the processor is configured to perform the implementation method of password security protection as set forth in any one of claims 1-5.
Compared with the prior art, the technical scheme provided by the invention has the following advantages:
The invention reduces the probability of a rainbow table hit through dynamic generation of the salt value, quality detection of the salt value, iterative hashing and the like. Through the dynamic salt placement technique, in which the specific positions at which the salt is inserted into the password are jointly determined by the setting rule, the password original text and the like, an attacker cannot obtain the password original text from the combined data of the password original text and the salt value. This greatly strengthens the ability of the password protection scheme to resist attacks such as rainbow table attacks and brute-force dictionary attacks, and greatly improves the security strength of password protection.
Drawings
FIG. 1 is a schematic flow diagram of cryptographic hash generation provided by an embodiment of the present invention;
FIG. 2 is a schematic flow diagram of cryptographic hash verification provided by an embodiment of the present invention;
FIG. 3 is a schematic diagram of module connection of a password security device according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of module connection of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are some, but not all, of the embodiments of the invention. All other embodiments obtained by those skilled in the art based on the embodiments of the invention without inventive effort fall within the scope of the invention.
In the description of the present invention, it should be noted that the directions or positional relationships indicated by the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc. are based on the directions or positional relationships shown in the drawings, are merely for convenience of describing the present invention and simplifying the description, and do not indicate or imply that the devices or elements referred to must have a specific orientation, be configured and operated in a specific orientation, and thus should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present invention, it should be noted that, unless explicitly specified and limited otherwise, the terms "mounted," "connected," and "connected" are to be construed broadly, and may be either fixedly connected, detachably connected, or integrally connected, for example; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the above terms in the present invention will be understood in specific cases by those of ordinary skill in the art.
This embodiment provides a method and a device for realizing password security protection.
The high-strength password security protection method of this embodiment combines dynamic salt generation, salt quality detection, dynamic salt placement, iterative hash calculation and related techniques, and mainly comprises two flows: a password hash value generation flow and a password hash value verification flow.
As shown in fig. 1, the password hash value generation flow is as follows:
The user inputs the password data password as the external input for the password hash value calculation; here the password value is the string "fuzamima". The salt value generation unit randomly generates a salt value length within the predefined salt value length range and randomly generates a salt value salt of that length. The length of the generated salt value is 12, and the generated salt value is the string "3D*8m%15&kp!".
The salt value quality detection unit judges whether the salt value meets the requirement according to the salt value quality judgment strategy. The password original text "fuzamima" and the salt value "3D*8m%15&kp!" meet the salt value quality requirement.
Since the salt value meets the quality requirement, the subsequent steps are executed.
The salt value setting unit sets the salt value into the password character string according to the setting strategy to generate the password hash original data.
Specifically: compute the SM3 hash value hp = 0x35cd3fc6a5c58b7e8abf5179c0ad76b168e65ac343c92b6ab7259d706512d2bc of the password "fuzamima" (hexadecimal 0x66757a616d696d61) and the SM3 hash value hs = 0x740b2bc1eb2c168e1ed29aaab52dc8f9089cebba67d68d9d67d9c76c995e4a6c of the salt value "3D*8m%15&kp!" (hexadecimal 0x33442a386d253135266b7021). XOR the lowest bit of each byte of the 32-byte password hash value with the lowest bit of the corresponding byte of the 32-byte salt hash value to obtain the 32-bit string b_1b_2…b_L = 10010110011110000011010100000000. If b_i is 0, no salt character is placed in the password at that position. If b_i is 1, a salt character is placed in the password at that position. If unused salt characters remain when the last character of the password has been processed, the remaining salt characters are appended to the end of the password, finally forming the hash original data "f3uzaDmi 8a%15&kp!".
The password hash generation and verification unit generates hash value data according to the iterative hash strategy and the password hash original text. The iterative hash strategy comprises a hash algorithm and a number of iterations. The number of iterations is derived from the last byte 0xbc of the original password hash value hp: taking 0xbc modulo 30 and adding 2 gives 10. Ten rounds of iterative hashing are then performed on the hash original data formed in step 5 to calculate the final hash value h = 0xdf baea 878513ca6c32a69483782aeeb7766aaf03ff3aee c6701529b993c.
The password security protection device outputs the final password salt value and password hash value data.
The password hash value verification flow of the password security protection method provided in this embodiment, as shown in FIG. 2, includes the following steps:
Input the user password "fuzamima", the password salt value "3D*8m%15&kp!" and the password hash value data 0xdf baea 878513ca6c32a69483782aeeb7766aaf03ff3aee8c6701529b993c.
The salt value setting unit sets the salt value into the password character string according to the setting strategy to generate the password hash original data. Specifically: compute the SM3 hash value hp = 0x35cd3fc6a5c58b7e8abf5179c0ad76b168e65ac343c92b6ab7259d706512d2bc of the password "fuzamima" (hexadecimal 0x66757a616d696d61) and the SM3 hash value hs = 0x740b2bc1eb2c168e1ed29aaab52dc8f9089cebba67d68d9d67d9d76c995e4a6c of the salt value "3D*8m%15&kp!" (hexadecimal 0x33442a386d253135266b7021). XOR the lowest bit of each byte of the 32-byte password hash value with the lowest bit of the corresponding byte of the 32-byte salt hash value to obtain the 32-bit string b_1b_2…b_L = 10010110011110000011010100000000. If b_i is 0, no salt character is placed in the password at that position. If b_i is 1, a salt character is placed in the password at that position. If unused salt characters remain when the last character of the password has been processed, the remaining salt characters are appended to the end of the password, finally forming the hash original data "f3uzaDmi 8a%15&kp!".
The password hash generation and verification unit selects a hash algorithm and generates hash value data according to the iterative hash strategy and the password hash original text. The iterative hash strategy comprises a hash algorithm and a number of iterations. The number of iterations is obtained by taking the last byte of the original password hash value hp modulo 30 and then adding 2, which ensures that the number of iterations n is between 2 and 32. Then n rounds of iterative hashing are performed on the hash original data to calculate the final hash value h' = 0xdf baea 878513ca6c32a69483782aeeb7766aaf03ff3aee c6701529b993c. The hash values h and h' are identical.
Because the hash values h and h' are identical, password verification success is output.
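The generation and verification flows above, written out as an added Python example; it is not code from the patent or its applicants. Assumptions: SHA-256 stands in for SM3, the salt alphabet is chosen here, a salt character is emitted directly after the password character whose bit is 1 (matching the "f3…" start of the walkthrough), and each hash round hashes the previous round's raw digest.

```python
import hashlib
import hmac
import secrets
import string

# Assumption: SHA-256 stands in for SM3 (the hash used in the embodiment),
# because hashlib only exposes SM3 when the underlying OpenSSL build has it.
HASH = hashlib.sha256
L = HASH().digest_size                      # hash length in bytes (32)
# Assumption: the page does not define the salt character set.
SALT_ALPHABET = string.ascii_letters + string.digits + "!%&*"


def lsb_xor_bits(hp: bytes, hs: bytes) -> str:
    """S3: XOR the lowest bit of each byte of hp and hs -> L-bit string."""
    return "".join(str((p ^ s) & 1) for p, s in zip(hp, hs))


def place_salt(password: str, salt: str, bits: str) -> str:
    """S3: after password character i, emit the next salt character if b_i = 1.

    Assumption: the salt character follows the password character, and
    positions beyond the L available bits receive no salt character.
    """
    out, used = [], 0
    for i, ch in enumerate(password):
        out.append(ch)
        if i < len(bits) and bits[i] == "1" and used < len(salt):
            out.append(salt[used])
            used += 1
    out.append(salt[used:])                 # leftover salt goes to the end
    return "".join(out)


def quality_ok(password: str, salt: str) -> bool:
    """S2: password+salt must not be all digits, all letters or all specials."""
    combo = password + salt
    all_special = all(not c.isalnum() for c in combo)
    return not (combo.isdigit() or combo.isalpha() or all_special)


def iterations(hp: bytes) -> int:
    """S4: last byte of hp modulo 30, plus 2."""
    return hp[-1] % 30 + 2


def derive(password: str, salt: str) -> bytes:
    """S3-S4: build the hash original text, then hash it iteratively."""
    hp = HASH(password.encode()).digest()
    hs = HASH(salt.encode()).digest()
    digest = place_salt(password, salt, lsb_xor_bits(hp, hs)).encode()
    # Assumption: each round hashes the previous round's raw digest.
    for _ in range(iterations(hp)):
        digest = HASH(digest).digest()
    return digest


def generate(password: str) -> tuple[str, bytes]:
    """S1-S5: draw salts until the quality policy passes, then hash."""
    while True:
        length = 10 + secrets.randbelow(L - 10 + 1)     # 10..L inclusive
        salt = "".join(secrets.choice(SALT_ALPHABET) for _ in range(length))
        if quality_ok(password, salt):
            return salt, derive(password, salt)


def verify(password: str, salt: str, stored: bytes) -> bool:
    """S1a-S4a: recompute and compare in constant time."""
    return hmac.compare_digest(derive(password, salt), stored)


# SM3 digests as printed in the generation walkthrough above.
PAGE_HP = bytes.fromhex(
    "35cd3fc6a5c58b7e8abf5179c0ad76b168e65ac343c92b6ab7259d706512d2bc")
PAGE_HS = bytes.fromhex(
    "740b2bc1eb2c168e1ed29aaab52dc8f9089cebba67d68d9d67d9c76c995e4a6c")

if __name__ == "__main__":
    bits = lsb_xor_bits(PAGE_HP, PAGE_HS)
    print(bits)
    print(place_salt("fuzamima", "3D*8m%15&kp!", bits))
    print(iterations(PAGE_HP))
    salt, stored = generate("fuzamima")
    print(verify("fuzamima", salt, stored), verify("fuzamimb", salt, stored))
```

Fed the two SM3 digests printed in the walkthrough, `lsb_xor_bits` reproduces the 32-bit string given there and `iterations` returns 10.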
The device for realizing password security protection in this embodiment, as shown in FIG. 3, includes a salt value generation unit, a salt value quality detection unit, a salt value setting unit, and a password hash generation and verification unit. The functions of the units are as described in the implementation method of password security protection in this embodiment.
Through dynamic salt generation, salt quality detection, iterative hashing and related techniques, the method and the device greatly increase the complexity of the hash original text and of the output hash value, and so greatly reduce the probability of a rainbow table hit compared with other password protection methods. With the dynamic salt placement technique, the specific positions at which the salt is inserted into the password are determined jointly by the setting rule, the password original text and the like, whereas in other password protection methods the positions are determined by the setting rule only. In this embodiment, the specific positions at which the salt is inserted are strongly associated with the unknown password original text: even if an attacker obtains the system source code and knows the setting rule, the attacker cannot obtain the specific positions at which the salt is inserted, and therefore cannot obtain the password original text. This embodiment therefore has a strong ability to resist attacks such as rainbow table attacks and brute-force dictionary attacks, and provides higher security than plaintext passwords, hash-based password protection, other salted-hash password protection methods and the like.
Next, an electronic device according to an embodiment of the present application is described with reference to fig. 4. The electronic device may be either or both of the first device and the second device, or a stand-alone device independent thereof, which may communicate with the first device and the second device to receive the acquired input signals therefrom.
Fig. 4 shows a block diagram of an electronic device according to an embodiment of the application.
As shown in fig. 4, the electronic device 10 includes one or more processors 11 and a memory 12.
The processor 11 may be a Central Processing Unit (CPU) or other form of processing unit having data processing and/or instruction execution capabilities, and may control other components in the electronic device 10 to perform desired functions.
Memory 12 may include one or more computer program products that may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, random access memory (RAM) and/or cache memory (cache), and the like. The non-volatile memory may include, for example, read-only memory (ROM), hard disk, flash memory, and the like. One or more computer program instructions may be stored on the computer-readable storage medium and executed by the processor 11 to implement the method of implementing password security protection in the present embodiment and/or other desired functions as described above. Various contents such as an input signal, a signal component, a noise component, and the like may also be stored in the computer-readable storage medium.
In one example, the electronic device 10 may further include: an input device 13 and an output device 14, which are interconnected by a bus system and/or other forms of connection mechanisms (not shown).
When the electronic device is a stand-alone device, the input means 13 may be a communication network connector for receiving the acquired input signals from the first device and the second device.
In addition, the input device 13 may also include, for example, a keyboard, a mouse, and the like.
The output device 14 may output various information to the outside, including the determined distance information, direction information, and the like. The output device 14 may include, for example, a display, speakers, a printer, and a communication network and remote output devices connected thereto, etc.
Of course, only some of the components of the electronic device 10 that are relevant to the present application are shown in fig. 4 for simplicity, components such as buses, input/output interfaces, etc. are omitted. In addition, the electronic device 10 may include any other suitable components depending on the particular application.
In addition to the methods and apparatus described above, embodiments of the present application may also be a computer program product comprising computer program instructions which, when executed by a processor, cause the processor to perform steps in an implementation method of cryptographic security protection according to various embodiments of the present application described in the above "exemplary methods" section of this specification.
The computer program product may write program code for performing the operations of embodiments of the present application in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, embodiments of the present application may also be a computer-readable storage medium, having stored thereon computer program instructions, which when executed by a processor, cause the processor to perform steps in a method of implementing cryptographic security protection according to various embodiments of the present application described in the above "exemplary method" section of the present specification.
The computer-readable storage medium may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium may include, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
It is apparent that the above examples are given by way of illustration only and do not limit the embodiments. Other variations or modifications based on the above description will be apparent to those of ordinary skill in the art. It is neither necessary nor possible to enumerate all embodiments here. Obvious variations or modifications derived from the above remain within the scope of protection of the invention.

Claims (7)

1. A method for implementing password security protection, characterized by comprising password hash generation and password hash verification;
the password hash generation specifically comprises the following steps:
S1, inputting a password, generating a salt value length for the password within a predefined salt value length range, and randomly generating a salt value of that length;
S2, judging the salt value according to a predefined salt value quality judgment strategy;
if the salt value does not meet the judgment requirement, repeating the generation of the salt value length and the salt value in step S1 until the salt value meets the judgment requirement;
if the salt value meets the judgment requirement, executing the next step;
S3, setting the salt value into the password string to generate a password hash original text;
the setting strategy is: calculating the hash value hp = h(password) of the password and the hash value hs = h(salt) of the salt value, and XORing the lowest bit of each byte of the L-byte password hash value with the lowest bit of the corresponding byte of the L-byte salt hash value to obtain an L-bit string b_1 b_2 … b_L;
if b_i is 0, no salt character is placed at position i of the password;
if b_i is 1, a salt character is placed at position i of the password;
if unused salt characters remain once the last character position of the password has been reached, the remaining salt characters are appended to the end of the password;
S4, generating a password hash value from the password hash original text according to the iterative hash strategy;
S5, outputting the salt value and the password hash value;
the password hash verification specifically comprises the following steps:
S1a, inputting a password, a salt value and a password hash value;
S2a, setting the salt value into the password using the setting strategy of step S3 to obtain the password hash original text;
S3a, selecting a hash algorithm, and generating a final hash value according to the iterative hash strategy of step S4 of the password hash generation;
S4a, if the final hash value of step S3a is the same as the password hash value of step S1a, the verification passes;
if they are different, the verification fails;
in step S4 of the password hash generation and step S3a of the password hash verification, the iterative hash strategy specifically includes:
a hash algorithm and a number of iterations;
the number of iterations is obtained by performing a modulo operation, with modulus 30, on the last byte of the password hash value hp and adding 2, so that the number of iterations is 2-32.
2. The method according to claim 1, wherein in step S1 of the password hash generation, the predefined salt value length range is from 10 to the hash value length L.
3. The method for implementing password security protection according to claim 1, wherein in step S1 of the password hash generation, a random bit generator is used to generate the salt value.
4. The method for implementing password security protection according to claim 3, wherein in step S2 of the password hash generation, the salt value quality judgment strategy includes:
the combined data of the password and the salt value is not all digits;
the combined data of the password and the salt value is not all letters;
the combined data of the password and the salt value is not all special characters.
5. A device for implementing password security protection, used to implement the method for implementing password security protection according to any one of claims 1-4, characterized by comprising a salt value generation unit, a salt value quality monitoring unit, a salt value setting unit, and a password hash generation and verification unit.
6. A computer storage medium, characterized in that the storage medium stores a computer program for executing the method for implementing password security protection according to any one of claims 1-4.
7. An electronic device comprising a processor and a memory for storing instructions executable by the processor, wherein the processor is configured to perform the method for implementing password security protection according to any one of claims 1-4.
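A compact Python rendering of claims 1 to 4, added here as an illustration and not code from the patent. SHA-256 as the hash h (so L = 32), the salt alphabet, placing the salt character before password character i when b_i = 1, and reading the iteration rule as (last byte of hp mod 30) + 2 are all assumptions the claims leave open.

```python
import hashlib, hmac, secrets, string

# Assumptions (not fixed by the claims): SHA-256 as h, so L = 32 bytes; this salt
# alphabet; a salt character goes *before* password character i when b_i = 1.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"
L = hashlib.sha256().digest_size

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def quality_ok(password: str, salt: str) -> bool:
    """Claim 4: password+salt must not be all digits, all letters, or all specials."""
    combo = password + salt
    return not (combo.isdigit() or combo.isalpha()
                or all(not c.isalnum() for c in combo))

def gen_salt(password: str) -> str:
    """S1-S2: random length in [10, L]; regenerate until the quality check passes."""
    while True:
        n = 10 + secrets.randbelow(L - 10 + 1)
        salt = "".join(secrets.choice(ALPHABET) for _ in range(n))
        if quality_ok(password, salt):
            return salt

def place(password: str, salt: str, bits: list) -> str:
    """S3: walk the password; where b_i = 1 emit the next unused salt character."""
    out, k = [], 0
    for i, ch in enumerate(password):
        if i < len(bits) and bits[i] and k < len(salt):
            out.append(salt[k]); k += 1
        out.append(ch)
    return "".join(out) + salt[k:]            # leftover salt goes at the end

def rounds_for(hp: bytes) -> int:
    """Last byte of hp mod 30, plus 2 (this reading yields 2..31)."""
    return hp[-1] % 30 + 2

def password_hash(password: str, salt: str) -> str:
    hp, hs = h(password.encode()), h(salt.encode())
    bits = [(p ^ s) & 1 for p, s in zip(hp, hs)]   # XOR of lowest bits: L bits
    digest = place(password, salt, bits).encode()  # password hash original text
    for _ in range(rounds_for(hp)):                # S4: iterated hash
        digest = h(digest)
    return digest.hex()

def generate(password: str):
    salt = gen_salt(password)                      # S5: output salt and hash
    return salt, password_hash(password, salt)

def verify(password: str, salt: str, stored: str) -> bool:
    """S1a-S4a: recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(password_hash(password, salt), stored)
```

With at most a few dozen rounds of a fast hash, the work factor is far below that of PBKDF2, bcrypt, scrypt or Argon2, so the block shows how the claimed steps fit together rather than a recommended storage scheme.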
CN202210662142.9A 2022-06-13 2022-06-13 Method and device for realizing password security protection, storage medium and electronic equipment Active CN115086008B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210662142.9A CN115086008B (en) 2022-06-13 2022-06-13 Method and device for realizing password security protection, storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN115086008A CN115086008A (en) 2022-09-20
CN115086008B CN115086008B (en) 2024-02-09

Family

ID=83251307

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210662142.9A Active CN115086008B (en) 2022-06-13 2022-06-13 Method and device for realizing password security protection, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN115086008B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115906055B (en) * 2023-01-31 2023-05-16 江苏金盾检测技术股份有限公司 Password evaluation method and system with automatic calibration function based on password library comparison

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105721390A (en) * 2014-12-01 2016-06-29 阿里巴巴集团控股有限公司 Encrypted storage method and encrypted storage device
WO2018024056A1 (en) * 2016-08-05 2018-02-08 华为技术有限公司 User password management method and server
CN107733656A (en) * 2017-10-23 2018-02-23 北京深思数盾科技股份有限公司 A kind of cipher authentication method and device
CN109687966A (en) * 2017-10-18 2019-04-26 北京明特量化信息技术有限公司 Encryption method and its system
CN110351077A (en) * 2019-05-30 2019-10-18 平安科技(深圳)有限公司 Method, apparatus, computer equipment and the storage medium of data encryption
CN110489466A (en) * 2019-07-03 2019-11-22 平安证券股份有限公司 Generation method, device, terminal device and the storage medium of invitation code
CN111428253A (en) * 2020-03-24 2020-07-17 福建福链科技有限公司 Data protection method and system suitable for block chain
CN111611576A (en) * 2020-04-30 2020-09-01 南京南瑞继保工程技术有限公司 Account key verification method and device and computer storage medium
CN113434852A (en) * 2021-07-23 2021-09-24 网易(杭州)网络有限公司 Password processing method, password verification device, medium and electronic equipment
CN113630238A (en) * 2021-08-10 2021-11-09 中国工商银行股份有限公司 User request permission method and device based on password confusion

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9021269B2 (en) * 2012-07-18 2015-04-28 TapLink, Inc. Blind hashing
US20150349954A1 (en) * 2014-06-03 2015-12-03 Mason Borda System and method for random seed generation
US20170091441A1 (en) * 2015-09-29 2017-03-30 International Business Machines Corporation Password interposer
US20220070000A1 (en) * 2020-08-28 2022-03-03 Red Hat, Inc. Managing passwords for network-accessible service accounts

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
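A salted message digest model with hidden hash features; Zhu Yanbin; Wang Chunling; Computer Technology and Development (03); full text *
Implementation of a salted Huffman coding encryption method; Qiao Mu; Tang Hao; Wang Lijuan; Information & Computer (Theory Edition) (24); full text *
Design and implementation of a secure hash encryption algorithm with a salt value; Li Xingwang; Chen Leisong; Zhou Xiaofang; Journal of Zhangzhou Normal University (Natural Science Edition) (02); full text *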

Also Published As

Publication number Publication date
CN115086008A (en) 2022-09-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20231103

Address after: A1501, 15 / F, No. 22, Zhongguancun Street, Haidian District, Beijing 100089

Applicant after: Beijing xinchangcheng Technology Development Co.,Ltd.

Applicant after: Xinchangcheng (Shanghai) Technology Co.,Ltd.

Address before: A1501, 15 / F, No. 22, Zhongguancun Street, Haidian District, Beijing 100089

Applicant before: Beijing xinchangcheng Technology Development Co.,Ltd.

GR01 Patent grant