| Today, passwords are still one of the main methods for human-machine authentication. Because passwords are simple, convenient, and easy to modify, they will not be replaced by other authentication methods in the short term. Even though there are already many encryption and hash algorithms that can guarantee that a user’s password is not leaked during transmission or in the database, the strength of a password depends largely on the user. If the password is not strong enough, attackers can easily guess it through guessing attacks. After multiple website database leaks in 2009, a variety of password guessing algorithms appeared that perform guessing attacks more effectively. Therefore, it is of great significance to research and analyze the problem of password security. Studying password security makes it possible to summarize users’ behavior when they set passwords, analyze whether these habits reduce password strength, and summarize the criteria for weak and strong passwords. In addition, such studies can draw users’ attention to password security and reduce weak passwords and password reuse. Our work is based on passwords leaked in 2011 in China. First, we analyzed real user passwords from the perspectives of weak passwords, password length, password elements, and the most common character combinations. Through these analyses, we found that Chinese-speaking users usually use passwords that contain only numbers, lowercase letters, or a combination of both. They often use pinyin in their passwords. Users’ weak passwords consist of consecutive numbers, multiple repeated characters, or combinations of numbers with special meanings. Second, based on the analysis of Chinese-speaking users’ passwords, an ordered Markov enumeration module based on word segmentation (WS-OMEN) is proposed. This module splits passwords by word segmentation and then generates password guesses based on Markov models in descending order of probability. When generating 100 million passwords, compared with the OMEN model, our model’s guessing performance increased by at least 3%, and the maximum improvement is about 17%. Finally, we use the WS-OMEN model to evaluate the strength of Chinese-speaking users’ passwords and compare its performance with traditional NIST methods. The WS-OMEN model can recognize passwords that use common character combinations such as pinyin, while NIST methods mainly evaluate password strength based on length and elements. Therefore, using multiple methods can evaluate password strength more reasonably. The WS-OMEN module is improved based on this conclusion. In addition, based on the above research, a few suggestions for users setting passwords are given. |
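
The contrast drawn above between length-and-element scoring and segmentation-aware scoring, as an added Python example that is not the authors' WS-OMEN model: it swaps the Markov probabilities for fixed per-token costs so that only the relative ranking is meaningful. The syllable list, cost constants and function names are assumptions, and the NIST function follows the SP 800-63 Appendix A entropy heuristic, assumed here to be what "NIST methods" refers to.

```python
import math
import re

# Constructed, deliberately tiny syllable list (assumption); a real meter would
# load the full toneless pinyin table of roughly 400 syllables.
PINYIN = {"wo", "ai", "ni", "zhang", "wei", "li", "wang", "xiao", "ming",
          "hao", "ma", "de", "shi", "zhong", "guo"}
MAX_SYL = max(map(len, PINYIN))
SYLLABLE_BITS = math.log2(400)   # assumed size of the full syllable table
CHAR_BITS = math.log2(95)        # any printable ASCII character

def nist_entropy(pw):
    """NIST SP 800-63 Appendix A estimate: length and composition only."""
    bits = 0.0
    for i in range(len(pw)):
        bits += 4 if i == 0 else 2 if i < 8 else 1.5 if i < 20 else 1
    if re.search(r"[A-Z]", pw) and re.search(r"[^A-Za-z]", pw):
        bits += 6                # bonus for upper case plus non-alphabetic
    return bits

def segment(pw):
    """Greedy longest-match split into pinyin, digit runs, single chars."""
    tokens, i = [], 0
    while i < len(pw):
        run = re.match(r"[0-9]+", pw[i:])
        if run:
            tokens.append(("digits", run.group()))
            i += run.end()
            continue
        for n in range(min(MAX_SYL, len(pw) - i), 0, -1):
            if pw[i:i + n].lower() in PINYIN:
                tokens.append(("pinyin", pw[i:i + n]))
                i += n
                break
        else:
            tokens.append(("char", pw[i]))
            i += 1
    return tokens

def digit_bits(run):
    """Repeated or consecutive digit runs cost far less than random digits."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(run, run[1:])}
    if len(run) > 2 and steps in ({0}, {1}, {9}):
        return math.log2(10 * 3)  # start digit x {repeat, up, down}
    return len(run) * math.log2(10)

def segmented_bits(pw):
    """Sum per-token costs instead of per-character costs."""
    cost = {"pinyin": lambda t: SYLLABLE_BITS, "char": lambda t: CHAR_BITS,
            "digits": digit_bits}
    return sum(cost[kind](text) for kind, text in segment(pw))
```

On the constructed inputs `woainizhongguo` and `qzxvkjpwtbfhrd`, `nist_entropy` returns the same score for both, while `segmented_bits` ranks the pinyin string lower; the same holds for `123456` against `839027`.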