The Design And Implementation Of A Secure Password Generator

Password is a very important measurement of access control in computer security. Almost everyone has some passwords and he uses them accessing his different accounts nearly every day, especially to check his email box, access blog, shop online. Password security is very important for the security of user's information security and privacy security.Password can be categorized into static password and dynamic password. Most of the password system using by the Internet services are static password system, so it is very significant to focus on improving static password security. It is analysed in this paper the security problems users often meet when they try to maintain several different accounts. It is quite hard to choose several different"good"secure passwords and you can easily memorize them at the same time. I forward my solution for that and provide a prototype of software to solve this problem. This software has its advantage in against phishing and keyboard recording attacks.Chapter one is the analyses for password security. Firstly I discuss three methods of authentication, and secondly I talk about some common attacks against password security, and thirdly I discuss what makes a password secure, and fourthly I analyse the security of static password and dynamic password respectively, and fifthly I give an introduction to the research aim of this paper and its construction.Chapter two presents the ideas behind the design of secure password generator. Firstly I analyse the disadvantages of existing measurements, and then give my ideas of what improvements should be done.Chapter three describes the implementation of the prototype of secure password generator. Firstly I brief the development environment of the prototype, and secondly demonstrate the interface design, and thirdly explain how to use screen keyboard to defeat keyboard recording attack, and fourthly discuss the algorithm of SHA-1 and Base64, and then explain how to modify the code to meet the security requirement.Chapter four is the conclusion of this paper and the plan of future work. Firstly I summarize the advantages and disadvantages of this research work, and then report my plan for future work.Secure password generator provides a new tool to generate different passwords for different accounts securely, and it can successfully defeat keyboard recording attack and phishing attack. The hash algorithm it uses in the prototype is also better than existing tools.