Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Weak password verification and cracking method and device

A weak password and password technology, applied in the field of communication, can solve the problems of affecting work efficiency, inability to carry out unified management, efficient configuration, low efficiency of weak password cracking, etc., and achieve the effect of improving discovery ability

Active Publication Date: 2016-08-03
中国移动通信集团广西有限公司
View PDF6 Cites 25 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] However, when method 1 is used to check weak passwords, there are several disadvantages in the following aspects: 1. Decentralization, weak password dictionaries are scattered in various discrete cracking tools, and unified management and efficient configuration cannot be performed. For example, weak password dictionaries When upgrading, it is impossible to effectively upgrade the entire network and update the latest weak password dictionary in a timely manner; 2. The manual workload is heavy, and it is necessary to obtain the passwords on the device, weak password dictionary and analysis of cracking results one by one; 3. The efficiency is low and cannot be realized Periodic, network-wide weak password update and management
[0006] When using method 2 to check weak passwords, there are several disadvantages in the following aspects: 1. It is very easy to cause deadlock of the device configured with the account lock policy, thereby affecting the normal access of users; 2. Due to the impact on the device, it cannot Attempts to develop a very large dictionary of weak passwords often focus on the factory default account configuration and a small number of other weak passwords, and cannot more comprehensively discover other weak passwords that do not conform to the strong password policy
Brute force cracking is a brute force method. According to certain rules and algorithms, the passwords are calculated one by one until the real password is found. This leads to the process of brute force cracking taking a long time. When there are many account passwords to be cracked , it will take a long time, which will affect the work efficiency and become the bottleneck in the whole weak password offline verification process
[0009] To sum up, in the prior art, due to the decentralization of weak password dictionaries, some commonly used repeated passwords cannot be automatically included, resulting in a long time for weak password verification, low efficiency of weak password cracking, and insufficient ability to discover weak passwords.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Weak password verification and cracking method and device
  • Weak password verification and cracking method and device
  • Weak password verification and cracking method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0117] A method for checking weak passwords provided by an embodiment of the present invention includes the steps of:

[0118] Step 1: Obtain the clear text password of the UE from the security management and control platform, or the identity and access management and control system.

[0119] Among them, the security management and control platform, or the identity and access management control system is a centralized management system for account passwords, which saves the accounts and passwords of most devices.

[0120] By integrating the weak password verification module with the security management and control platform, or the identity and access management and control system, the account and password information of the UE can be obtained directly from the account and password query interface provided by the security management and control platform or the identity and access management and control system .

[0121] Step 2, according to the definition of weak passwords, it...

Embodiment 2

[0131] see image 3 , a method for checking weak passwords provided by the embodiments of the present invention, comprising the steps of:

[0132] S301. Obtain the ciphertext password of the UE from the central server, and determine that the ciphertext password is a strong password.

[0133] Obtain the ciphertext password of the UE from the central server. When the ciphertext password is not in the preset weak password ciphertext dictionary, it is determined that the password is not in the preset weak password dictionary, and then the ciphertext password is defined as a strong password.

[0134] S302, judging whether the number of occurrences of the strong password is greater than a preset threshold. If yes, execute S303, otherwise, execute S304.

[0135] S303, judge whether the strong password is in the weak password ciphertext dictionary, if yes, execute S305, otherwise, execute S306.

[0136] S304, accumulating the occurrence times of the strong password once.

[0137] ...

Embodiment 3

[0143] see Figure 4 , a method for checking weak passwords provided by the embodiments of the present invention, comprising the steps of:

[0144] S401. Obtain a weak password.

[0145] The weak password to be obtained is a plaintext password, which can be obtained directly from a security management and control platform, or an identity and access management control system, or obtained and cracked from a central server to obtain a plaintext password.

[0146] S402, judging whether the weak password is a newly discovered weak password, if yes, execute S403, otherwise, execute S404.

[0147] S403. Add the weak password into the weak password dictionary, and then perform S405.

[0148] S404. Accumulate the number of appearances of the weak password once, record it in the weak password dictionary, and store it in descending order of the number of appearances of the weak password.

[0149] S405, judging whether the composition rule of the weak password is in the weak password c...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a weak password verification and cracking method and device; the method and device can realize central management and optimize a weak password dictionary, thus reducing weak password verification time, improving weak password discovering ability, and improving weak password cracking efficiency; the weak password verification method comprises the following steps: obtaining a use equipment UE password; if the obtained password is a cleartext password, determining whether the obtained password as a weak password or not according to a preset weak password definition; if the obtained password is a weak password and the password is not in the preset weak password dictionary, adding the password into the weak password dictionary.

Description

technical field [0001] The invention relates to the field of communication technology, in particular to a method and device for checking and cracking weak passwords. Background technique [0002] There are two existing weak password verification methods: [0003] 1. Obtain ciphertext passwords by using technology or manual means, and crack weak passwords based on the weak password dictionary; [0004] 2. Repeatedly try to log in the password of the account through the remote connection device. [0005] However, when method 1 is used to check weak passwords, there are several disadvantages in the following aspects: 1. Decentralization, weak password dictionaries are scattered in various discrete cracking tools, and unified management and efficient configuration cannot be performed. For example, weak password dictionaries When upgrading, it is impossible to effectively upgrade the entire network and update the latest weak password dictionary in a timely manner; 2. The manual...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/46
Inventor 宁建创徐钽梁业裕
Owner 中国移动通信集团广西有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com