计算机学报
計算機學報
계산궤학보
CHINESE JOURNAL OF COMPUTERS
2014年
5期
1206-1215
,共10页
口令攻击%划分%上下文无关文法%口令结构%计算机安全%信息安全%网络安全
口令攻擊%劃分%上下文無關文法%口令結構%計算機安全%信息安全%網絡安全
구령공격%화분%상하문무관문법%구령결구%계산궤안전%신식안전%망락안전
password cracking%division%context-free grammar%password structure%computer security%information security%network security
选择有效的口令结构是提高口令字典攻击命中率的有效方法。人们在记忆口令时,通常不会一次性进行整体记忆,而是将口令划分成块分别记忆的。基于此,文中分析了已有的口令结构,提出了依据划分概率对口令结构进行再次划分的口令攻击方法。该方法将攻击口令的焦点放在高概率的口令结构上,通过对高概率的口令结构进行再次划分,产生更有效的口令结构,并用它们来产生候选口令,从而提高攻击命中率。最后通过真实口令测试数据对该方法进行了验证,实验结果表明,给定相同数目的高概率口令具体结构,通过划分,文中的方法与Matt Weir方法相比能够多恢复20%~30%的口令。根据攻击结果,文中的方法还可以更新所使用的字典,以达到学习的目的,提高后续攻击效率。
選擇有效的口令結構是提高口令字典攻擊命中率的有效方法。人們在記憶口令時,通常不會一次性進行整體記憶,而是將口令劃分成塊分彆記憶的。基于此,文中分析瞭已有的口令結構,提齣瞭依據劃分概率對口令結構進行再次劃分的口令攻擊方法。該方法將攻擊口令的焦點放在高概率的口令結構上,通過對高概率的口令結構進行再次劃分,產生更有效的口令結構,併用它們來產生候選口令,從而提高攻擊命中率。最後通過真實口令測試數據對該方法進行瞭驗證,實驗結果錶明,給定相同數目的高概率口令具體結構,通過劃分,文中的方法與Matt Weir方法相比能夠多恢複20%~30%的口令。根據攻擊結果,文中的方法還可以更新所使用的字典,以達到學習的目的,提高後續攻擊效率。
선택유효적구령결구시제고구령자전공격명중솔적유효방법。인문재기억구령시,통상불회일차성진행정체기억,이시장구령화분성괴분별기억적。기우차,문중분석료이유적구령결구,제출료의거화분개솔대구령결구진행재차화분적구령공격방법。해방법장공격구령적초점방재고개솔적구령결구상,통과대고개솔적구령결구진행재차화분,산생경유효적구령결구,병용타문래산생후선구령,종이제고공격명중솔。최후통과진실구령측시수거대해방법진행료험증,실험결과표명,급정상동수목적고개솔구령구체결구,통과화분,문중적방법여Matt Weir방법상비능구다회복20%~30%적구령。근거공격결과,문중적방법환가이경신소사용적자전,이체도학습적목적,제고후속공격효솔。
When performing a dictionary attack,it is an effective method for improving the hitratio to choose effective passwords’structures.When people remember a password,they seldomchoose entire memory at once.They usually divide a password into blocks to remember it separately.Based on this,this paper analyzes structures of existing passwords which were leaked and postedon the net,and proposes a password cracking method to divide structures again based on theprobabilities of divisions.This method focuses on these structures of high probabilities.Throughdivision of these structures,it can generate more effective passwords structures which can be usedto produce candidate passwords.This can improve attacks’hit ratio.Finally,the experiments usereal data to evaluate this method.Giving the same number of passwords’concrete structures withhigh probabilities,the result demonstrates that by dividing these structures this method canrecover more passwords of about 20 to 30 percent than Matt Weir et al.’s method.According tohit effects,this method can update dictionaries which are used during attack,and achieve thestudy goal.This can improve the efficiency in the next attack.