| Password is a way of authentication that people use very frequently.However,in recent years,password data leakage incidents have occurred frequently at home and abroad,which has raised concerns about password security from all walks of life.At present,the research on password security in academia mainly focuses on password guessing attack algorithms.These algorithms are usually based on publicly leaked password data sets,and do not take into account that users may set passwords according to their own network environment.From the perspective of the attacker,based on the idea of actively collecting information,this thesis proposes a directional password guessing attack method and a password strength evaluation system,and designs and implements a password strength evaluation system that can be configured independently under a general framework.First,this thesis studies user login behavior,and proposes a targeted password guessing attack algorithm based on the idea of actively collecting information.Collect and analyze the login traffic data of the industrial information system,and propose a method for identifying successful login traffic based on machine learning.Starting from the login behavior,the web crawler actively collects information related to a certain user login activity,and proposes a targeted password guessing attack algorithm.The experimental results show that compared with the PCFG method that does not consider the relevant information,our method has significantly improved the guessing ability of the password set.Next,this thesis proposes a password strength evaluation system based on different types of password strength evaluation methods.Analyze the characteristics of different password strength evaluation standards and methods,optimize and adjust some methods,and combine three password strength evaluation methods to propose a universal password strength evaluation system that can be adapted to different websites.Experiments show that the evaluation system takes into account versatility-and adaptability,and can help different website managers realize targeted key information collection and password strength judgment.Finally,this thesis designs and implements a self-configurable directional password strength evaluation system under a general framework based on the above research content.It can be seen from the actual operation effect that the system can realize the password evaluation process of adapting to the target website under the general framework,without modifying the existing system,and helping the administrators of different websites realize effective password security maintenance work. |
PDF Full Text Request