Password Strength Meter Method And Software

Text password is the most popular encryption method on the internet nowadays and it plays an important role in the information security.However,due to the fact that users lack awareness of password security,and many password strength meters on the internet can't feed back the true strength of passwords to users correctly,weak passwords are often mistaken for strong passwords,leading to security risks of users' accounts.We use three attack methods as the basis for password strength meter to improve the accuracy of password strength assessment.The “hot word and structure method” can effectively attack weak passwords which are semantically clear;the “frequency divided violence method” can attack weak passwords which are semantically vague but relatively long;the “collision deformation method” combined with the large original password library can effectively attack the same or similar passwords that have been leaked out.We first propose the general framework of password strength meter based on these three attack methods,and then conduct in-depth study on these three attack methods.Finally,we compare the password strength meter based on the three attack methods with two popular password strength meters based on rules and violent speculation.From our study we find that the latter(the two popular password strength meters)have various deficiencies like oversimplification,vague evaluation index and unidentifiability of password rules.By contrast,our password strength meters can accurately reflect the crack resistance of a password under mixed attack of a variety of methods,hence we make more accurate assessments of the strength of passwords.This paper also makes a detailed study of the regionality of passwords.Because of different cultures and languages in different regions,the habits of users in designing passwords are also different.We use cosine distances to quantify regional differences in passwords innovatively.Experiments prove that the regionality of passwords plays an important role in password attack and password strength assessment.It is necessary to cooperate with regional rules to effectively attack passwords or make accurate password strength assessments.