A Random Password Generation Script and Password Guessability

0x00
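The harm done by weak passwords needs no elaboration. Many sign-up forms now check password strength directly, and what a strength requirement ultimately tries to control is guessability. This post contains a small random password generation script I wrote myself, and a pointer to research from CMU on a lightweight, client-side neural network implementation for analyzing password guessability.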

0x01
Symantec has an online random password generator under the Norton brand: https://identitysafe.norton.com/zh-cn/password-generator

0x02
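On password guessability, researchers at CMU have published a lightweight, client-side neural network implementation for analyzing it: http://www.blaseur.com/papers/usenixsec2016-neural-passwords.pdf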

0x03:
A small random password generation script

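import random
import string
import sys

PASSWORD_LENGTH = 16
if len(sys.argv) == 2:
    PASSWORD_LENGTH = int(sys.argv[1])

# One character per class plus one free slot: below 5 the ranges used
# further down are empty and randint() raises ValueError.
if PASSWORD_LENGTH < 5:
    sys.exit("password length must be at least 5")

UPPER = []
LOWER = []
DIGIT = []
OTHER = []
BADCHARS = string.whitespace  # characters that must never appear in a password
ALL_CHARS = []

# Sort the printable ASCII characters into the four classes.
for i in range(256):
    c = chr(i)
    if c not in string.printable:
        continue

    if c in string.ascii_uppercase:
        UPPER.append(c)
    elif c in string.ascii_lowercase:
        LOWER.append(c)
    elif c in string.digits:
        DIGIT.append(c)
    elif c not in BADCHARS:
        OTHER.append(c)

    if c not in BADCHARS:
        ALL_CHARS.append(c)

CHAR_SET = []

n = PASSWORD_LENGTH  # characters still to be chosen
RESERVED = 4         # slots held back so that later classes get at least MIN
MIN = 1

# Passwords need a CSPRNG: SystemRandom draws from os.urandom, unlike the
# default Mersenne Twister generator behind random.randint().
rng = random.SystemRandom()

# Take between MIN and n - RESERVED characters from each class in turn.
for x in [UPPER, LOWER, DIGIT, OTHER]:
    n_x = rng.randint(MIN, n - RESERVED)
    for i in range(n_x):
        CHAR_SET.append(x[rng.randint(0, len(x) - 1)])
    n = n - n_x
    RESERVED = RESERVED - 1

# Fill the remaining slots from the whole alphabet, then shuffle.
for i in range(n):
    CHAR_SET.append(ALL_CHARS[rng.randint(0, len(ALL_CHARS) - 1)])

rng.shuffle(CHAR_SET)
password = ''.join(CHAR_SET)
print(password, len(password))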
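
To put a number on guessability for the same four character classes, the following added example (not the post's script) draws every character uniformly and rejects candidates that miss a class, then counts the resulting search space by inclusion-exclusion. The function names generate, valid_count and entropy_bits are this example's own.

```python
# Added example, not the post's script: uniform sampling with rejection,
# plus the exact size of the space an attacker would have to search.
import math
import secrets
import string
from itertools import combinations

# Same four classes as the script: printable ASCII minus whitespace (94 chars).
CLASSES = [string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation]
ALPHABET = "".join(CLASSES)


def has_all_classes(pw):
    """True if pw contains at least one character from each class."""
    return all(any(c in cls for c in pw) for cls in CLASSES)


def generate(length=16):
    """Draw uniformly from ALPHABET with the OS CSPRNG and retry until every
    class is present, so all valid passwords are equally likely."""
    if length < len(CLASSES):
        raise ValueError("length must be at least %d" % len(CLASSES))
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(pw):
            return pw


def valid_count(length):
    """Number of strings of this length containing all four classes,
    by inclusion-exclusion over the sets of classes left out."""
    total = 0
    for k in range(len(CLASSES) + 1):
        for missing in combinations(CLASSES, k):
            remaining = len(ALPHABET) - sum(len(m) for m in missing)
            total += (-1) ** k * remaining ** length
    return total


def entropy_bits(length):
    """log2 of the search space for passwords produced by generate(length)."""
    return math.log2(valid_count(length))


if __name__ == "__main__":
    pw = generate(16)
    print(pw, len(pw), "%.1f bits" % entropy_bits(16))
```

Requiring all four classes costs only a fraction of a bit at 16 characters compared with the unconstrained 94-character alphabet.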
