Analysis method of passwords under Chinese context

ZENG Jianping1,2, CHEN Qile1, WU Chengrong1,2, FANG Xi1,2   

  1. School of Computer Science, Fudan University, Shanghai 200433, China;
  2. Engineering Research Center of Cyber Security Auditing and Monitoring, Ministry of Education (Fudan University), Shanghai 200433, China
  • Received: 2018-11-13 Revised: 2018-12-11 Online: 2019-06-17 Published: 2019-06-10
  • Supported by:
    This work is partially supported by the National Key R&D Program of China (2016YFB0800101).


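  • Corresponding author: ZENG Jianping
  • About the authors: ZENG Jianping (1973-), male, from Quanzhou, Fujian, associate professor, Ph.D.; main research interests: big data security and Internet big data technology. CHEN Qile (1995-), male, from Tai'an, Shandong; main research interest: information security. WU Chengrong (1971-), male, from Shanghai, associate professor, Ph.D., CCF member; main research interest: information security. FANG Xi (1996-), male, from Ezhou, Hubei, master's student; main research interest: network security.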

Abstract: Current research on password semantics is mainly based on English datasets and is restricted to units such as common words or surnames. To address this problem, a Chinese-context password analysis method based on known-password elements was proposed, using data analysis of password strings and a pattern library built from Chinese poems and idioms. Firstly, the known-password elements were identified. Then, each was treated as a single password degree of freedom. Finally, the degree-of-freedom attack cost for a given attack success rate was calculated, giving a quantitative value for password security. Quantitative analysis of a large number of plaintext passwords in designed experiments led to the conclusion that, in the Chinese context, 80% of user passwords have low security and can be easily broken by dictionary attacks.

Key words: password analysis, password security, known-password element, password degree of freedom, Chinese context
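The first two steps of the method (identify known-password elements, then count each as a single degree of freedom) are sketched below as an added example; it is not the paper's code. The pinyin pattern library, the 95-character space for unmatched characters and the log2 guess-space measure are assumptions, and the paper's success-rate-based attack cost is not reproduced.

```python
import math

# Constructed sample pattern library (assumption): pinyin of idioms and a poem line.
PATTERN_LIBRARY = {
    "yixinyiyi",               # idiom 一心一意
    "madaochenggong",          # idiom 马到成功
    "chuangqianmingyueguang",  # poem line 床前明月光
}
FREE_CHARSET_SIZE = 95  # printable ASCII; assumed space for one unmatched character


def split_into_freedoms(password, library=PATTERN_LIBRARY):
    """Split a password into the fewest units; a library match is one unit."""
    n = len(password)
    # best[i] = (unit count, units) for the prefix password[:i]
    best = [(0, [])] + [None] * n
    for end in range(1, n + 1):
        for start in range(end):
            piece = password[start:end]
            known = piece.lower() in library
            if not known and len(piece) != 1:
                continue  # unmatched text is only ever counted one character at a time
            count = best[start][0] + 1
            if best[end] is None or count < best[end][0]:
                best[end] = (count, best[start][1] + [(piece, known)])
    return best[n][1]


def guess_space_bits(units, library_size=len(PATTERN_LIBRARY)):
    """log2 of the candidate count when each unit is one independent choice (assumed model)."""
    bits = 0.0
    for _, known in units:
        bits += math.log2(library_size if known else FREE_CHARSET_SIZE)
    return bits


if __name__ == "__main__":
    for pw in ("yixinyiyi123", "k7#Qz"):
        units = split_into_freedoms(pw)
        naive = len(pw) * math.log2(FREE_CHARSET_SIZE)
        print(pw, len(units), "units,", round(guess_space_bits(units), 1),
              "bits vs naive", round(naive, 1))
```

A 12-character password built on one idiom collapses to four degrees of freedom here, so a length-based strength meter overstates it by a wide margin.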


