Journal of Cryptologic Research (密码学报), 2024, Vol. 11, Issue (1): 67-100, 34. DOI: 10.13868/j.cnki.jcr.000670
Advances on Password Guessing Attack
Abstract
Passwords are usually short, memorable keys used in various applications such as identity authentication, encryption, and digital signature. While some security and usability issues of passwords have been identified, the simplicity, cost-effectiveness, and ease of change make passwords irreplaceable in the foreseeable future. Password guessing poses the most serious security threat to passwords, serving as a central focus in password security research and garnering sustained attention from the academic community. This paper employs a data-driven approach to unearth user behaviors that can be exploited by potential attackers in guessing passwords. It analyzes patterns in password creation, encompassing aspects like popularity trends, language dependencies, length distributions, password reuse, and structural and semantic features. Subsequently, this paper summarizes 28 mainstream password guessing algorithms proposed over the past three decades and classifies them based on their technical principles. Following that, this paper reviews the widely used evaluation metrics for password guessing algorithms, explores the impact of different experimental setups on algorithm performance, and discusses the technical characteristics and application scenarios of various guessing algorithms based on experimental results. Finally, this paper presents a comprehensive overview of the research advancements in password guessing and offers insights into practical applications and future research directions in the field.
Key words
secret key security / passwords / password strength / password guessing / machine learning
Classification
Information Technology and Security Science
Cite this article
Zou Yunkai (邹云开), Wang Ding (汪定). Advances on Password Guessing Attack [J]. Journal of Cryptologic Research, 2024, 11(1): 67-100, 34.
Funding
National Natural Science Foundation of China (62172240, 62222208)