Research Of The Password Strength Evaluation Method Based On Character Distance

Identity authentication is an important barrier in cyberspace security and an important means to ensure the security of user information and property.Text passwords have become the most widely used identity authentication method due to their low cost,convenient deployment and low storage overhead.The password strength evaluation method is designed to assist users to create passwords that are difficult to crack.However,in the strong passwords identified by the existing password strength evaluation method,there are still medium-strength passwords and weak passwords.The main work of this paper is to propose a password strength evaluation method based on character distance.The purpose is to identify medium-strength and weak passwords that are evaluated as strong passwords on the basis of the existing password strength evaluation method,so as to improve the accuracy of the password strength evaluation method.The specific work and innovation points of the paper are:(1)Extraction of leaked dataset features.This article collects a total of 10 real password datasets,with a total data volume of 10 million.Use probabilistic context free grammar to extract the characteristics of the password length,password character type,password character arrangement and weak password pattern contained in the password of the password dataset.Probability modeling analyzes the user’s behavior habits when creating the password,which provides the direction and basis for the model establishment of the password strength evaluation method based on the character distance proposed in this article.(2)The concept of character distance and the password strength evaluation method based on character distance are proposed.In view of the error evaluation of strong passwords in the traditional password strength evaluation method,this paper establishes a password strength evaluation model based on character distance,and proposes to use continuous leading character distance(CLCD)and average adjacent character distance(AACD)as indicators to evaluate password strength.The two evaluation indicators are at the semantic level.It can implicitly express the main factors affecting the strength of the password,such as the size of the export password length,the number of character types,the arrangement of characters,and whether there is a weak password mode.(3)A general correctness assessment method is proposed.This paper proposes to use Next-Gen probabilistic context free grammar to analyze the composition mode of the evaluated password in LPSE,ZXCVBN and the proposed password strength evaluation method based on character distance,so as to verify the correctness of the proposed method from the probability model of the composition pattern.After experimental analysis,the proposed password strength evaluation model can effectively identify medium-strength passwords and strong passwords.Compared with the existing password strength evaluation methods in different password datasets,the growth rate range of recognition medium-strength passwords from strong passwords is[28.38%,222.73%].Among the medium-strength passwords filtered from strong passwords,about 50% of the Next-Gen PCFG mode is composed of multiple words or a single number,which proves that the password strength evaluation method based on character distance mentioned in this article has significant advantages in evaluating password strength.