0x00
弱密码的危害无须多言,现在有很多注册的地方会直接检测密码的强度,强度的最终要求是可猜解性的控制,本文中有一个自己撸的随机密码生成的小脚本和一个CMU的大牛前端轻量级的神经网络分析密码可猜解性的实现的研究。
0x01
赛门铁克下面有个在线的随机密码生成应用:norton 链接: https://identitysafe.norton.com/zh-cn/password-generator
0x02
关于密码可猜解性,CMU的大牛有一篇在前端轻量级的神经网络分析实现: http://www.blaseur.com/papers/usenixsec2016-neural-passwords.pdf
0x03:
随机密码生成小脚本
import os, sys
import random
import string
PASSWORD_LENGTH = 16
if len( sys.argv ) == 2:
PASSWORD_LENGTH = int( sys.argv[1] )
UPPER = []
LOWER = []
DIGIT = []
OTHER = []
BADCHARS = string.whitespace # if you don't want space, you can set BADCHARS = string.whitespace
ALL_CHARS = []
for i in range( 0, 256, 1 ):
c = chr( i )
if c not in string.printable:
continue
if c in string.ascii_uppercase:
UPPER.append( c )
elif c in string.ascii_lowercase:
LOWER.append( c )
elif c in string.digits:
DIGIT.append( c )
elif c not in BADCHARS:
OTHER.append( c )
if c not in BADCHARS:
ALL_CHARS.append( c )
CHAR_SET = []
n = PASSWORD_LENGTH
RESERVED = 4
MIN = 1
random.seed(None)
for x in [UPPER, LOWER, DIGIT, OTHER]:
n_x = random.randint( MIN, n - RESERVED )
for i in range( 0, n_x ):
CHAR_SET.append( x[random.randint( 0, len(x)-1)] )
n = n - n_x
RESERVED = RESERVED - 1
for i in range( 0, n ):
CHAR_SET.append( ALL_CHARS[random.randint( 0, len( ALL_CHARS )-1 )] )
random.shuffle( CHAR_SET )
print ''.join(CHAR_SET), len( ''.join(CHAR_SET) )