作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程

• 安全技术 • 上一篇    下一篇

一种基于姓名首字母简写结构的口令破解方法

罗敏,张阳   

  1. (武汉大学 计算机学院,武汉 430072)
  • 收稿日期:2016-01-07 出版日期:2017-01-15 发布日期:2017-01-13
  • 作者简介:罗敏(1974—),男,副教授、博士,主研方向为网络安全、数据挖掘;张阳,硕士研究生。

A Password Cracking Method Based on Name Initials Shorthand Structure

LUO Min,ZHANG Yang   

  1. (College of Computer Science,Wuhan University,Wuhan 430072,China)
  • Received:2016-01-07 Online:2017-01-15 Published:2017-01-13

摘要: 用户口令猜测研究是口令安全性研究的重要组成部分之一,根据用户个人信息和用户口令之间的联系,分析用户个人信息的结构特点,扩展Weir的概率语境自由语法方法,基于用户姓名首字母简写结构,提出一个概率口令攻击方法。通过训练找到用户姓名首字母简写结构,引入到用户口令结构生成算法中,从而生成新的更有效的口令结构,并使用训练集中学习出来的个人信息,作为简写结构的替换变量进行猜测攻击。采用网上泄露的用户口令数据集设计不同实验场景,实验结果表明,在猜测2 000万次的情况下,该方法的猜测成功率超过了John the Ripper的字典模式,和概率上下文无关文法相比最高提升48.12%。

关键词: 口令破解, 身份认证, 概率口令猜测, 个人信息, 简写结构

Abstract: User password guess research is one of the important parts of password security research.According to the relationship between user’s personal information and user password,analyzes the structural characteristics of the user’s personal information,extends Weir probabilistic context free grammar approach,based on user initials shorthand structure,this paper proposes a probalisitic password attack method.Through training to find the user initials shorthand structure,and introduces it into the user password structure generation algorithm,so as to generate a new more effective password structure,and uses the personal information learnt from the training set to make guess attack as a substitution variable of shorthand structure.User password data set on the Internet is used to design different experimental scenarios.Experimental results show that in the twenty million case of speculation,the guess success rate of the proposed method is far more than John the Ripper wordlist mode,and compared with Weir’s Probabilistic Context-Free Grammar(PCFG) method also has 48.12% increasement.

Key words: password cracking, identity authentication, probalisitic password guess, personal information, shorthand structure

中图分类号: