CN107566123A - PPTP VPN passwords methods of calibration and computer-readable recording medium - Google Patents

PPTP VPN passwords methods of calibration and computer-readable recording medium Download PDF

Info

Publication number
CN107566123A
CN107566123A CN201710665048.8A CN201710665048A CN107566123A CN 107566123 A CN107566123 A CN 107566123A CN 201710665048 A CN201710665048 A CN 201710665048A CN 107566123 A CN107566123 A CN 107566123A
Authority
CN
China
Prior art keywords
value
nthash
values
suspicious
certification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710665048.8A
Other languages
Chinese (zh)
Other versions
CN107566123B (en
Inventor
梁瑞彬
林俊阳
陈秀容
汤伟宾
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen Meiya Pico Information Co Ltd
Original Assignee
Xiamen Meiya Pico Information Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xiamen Meiya Pico Information Co Ltd filed Critical Xiamen Meiya Pico Information Co Ltd
Priority to CN201710665048.8A priority Critical patent/CN107566123B/en
Publication of CN107566123A publication Critical patent/CN107566123A/en
Application granted granted Critical
Publication of CN107566123B publication Critical patent/CN107566123B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of PPTP VPN passwords method of calibration and computer-readable recording medium, method to include:Obtain the certification hash value and certification response value of PPTP VPN passwords;Obtain the value of 2 bytes of a high position of NTHash values corresponding to certification hash value and certification response value;According to the value and its corresponding certification hash value and certification response value of the byte of a high position 2 of NTHash values, concordance list is generated;Simultaneously corresponding suspicious NTHash values are calculated in generation password;According to the value of 2 bytes of a high position of suspicious NTHash values, certification hash value corresponding to acquisition and certification response value;According to corresponding certification hash value and certification response value, the suspicious NTHash values are verified.The present invention can reduce travel time, improve verification efficiency.

Description

PPTP VPN passwords methods of calibration and computer-readable recording medium
Technical field
The present invention relates to art of cryptography, more particularly to a kind of PPTP VPN passwords method of calibration and computer-readable deposit Storage media.
Background technology
VPN (VPN) based on Point to Point Tunnel Protocol (PPTP) be established at present in common network it is special Network, the common tunnel protocol of communication is encrypted.
16 bytes that PPTP protocol networks message encryption obtains using user cipher after MD4 AESs The encryption and decryption key that NTHash values obtain after series of algorithms computing.So as long as NTHash values can be obtained, just energy is complete Reduce the message of this user.The certification of 24 bytes can be directly obtained from the cleartext information of PPTP VPN password communication messages Response value (ChallengeResponse) and the certification hash value (ChallengeHash) for calculating 20 bytes indirectly, ChallengeResponse be des encryption of ChallengeHash 8 bytes of low level by three groups of independence after ciphertext value, Three groups of DES encryption key is respectively by 72 bytes of a high position of NTHash values, middle 7 bytes and low level bytes by conversion After obtain, since it is known that ChallengeResponse and ChallengeHash values, it is only necessary to respectively to three groups of DES's Encryption key carries out violence traversal, it is possible to obtains NTHash value.
At present, three groups of independence DES encryption key is carried out violence to travel through being that PPTP VPN password codes recover most effective Means, revert to power up to 100%, but every time traversal can be only done a pair of ChallengeResponse and The verification of ChallengeHash values.How to improve PPTP VPN passwords verification efficiency is current main direction of studying, current Research is concentrated mainly on by various hardware-accelerated, algorithm optimizations, distributed computing technology to improve the speed that violence travels through, and is come with this Shorten the time of traversal, but the method that speed is traveled through by improving can only be such that the travel time of single linearly reduces, and for Substantial amounts of PPTPVPN password informations on network, even if same subscriber, log in what is generated by the difference of random code every time ChallengeResponse and ChallengeHash values are also different, to complete the verification of a large amount of PPTP VPN passwords and can but make Travel time geometric progression increases.
The content of the invention
The technical problems to be solved by the invention are:A kind of PPTP VPN passwords method of calibration is provided and computer-readable deposited Storage media, improve the verification efficiency of PPTP VPN passwords.
In order to solve the above-mentioned technical problem, the technical solution adopted by the present invention is:A kind of PPTP VPN password methods of calibration, Including:
Obtain the certification hash value and certification response value of PPTP VPN passwords;
According to the value of 8 bytes of low level of certification hash value and the value of 8 bytes of a high position of certification response value, pass through violence Traversal, obtains the value of 2 bytes of a high position of NTHash values corresponding to the certification hash value and certification response value;
According to the value of the byte of a high position 2 of NTHash values and its corresponding password information, concordance list, the password information are generated Including certification hash value and certification response value;
Generate password by way of default password traversal, and obtained according to the cryptographic calculations corresponding suspicious NTHash values;
According to the value of 2 bytes of a high position of the suspicious NTHash values, the certification corresponding to acquisition from the concordance list Hash value and certification response value;
According to the corresponding certification hash value and certification response value, the suspicious NTHash values are verified.
The invention further relates to a kind of computer-readable recording medium, is stored thereon with computer program, and described program is located The step of reason device realizes method as described above when performing.
The beneficial effects of the present invention are:Only need the encryption for traveling through 2 bytes close using one of which des encryption algorithm Key just can quickly recover the characteristics of value of 2 bytes of a high position of corresponding NTHash values, by the high position 2 for establishing NTHash values The value of individual byte and certification hash value and the concordance list of certification response value, then generate password and calculate suspicious NTHash values, be used in combination Concordance list tentatively find out corresponding to certification hash value and certification response value, then further verified, so as to realize once time Go through the process for completing that parallel check is carried out to multigroup password.The present invention can reduce travel time, improve verification efficiency.
Brief description of the drawings
Fig. 1 is a kind of flow chart of PPTP VPN password methods of calibration of the present invention;
Fig. 2 is the method flow diagram one of step S6 in the embodiment of the present invention one;
Fig. 3 is the method flow diagram two of step S6 in the embodiment of the present invention one;
Fig. 4 is the method flow diagram of step S3 in the embodiment of the present invention two;
Fig. 5 is the method flow diagram of step S5, S6 in the embodiment of the present invention two.
Embodiment
To describe the technology contents of the present invention, the objects and the effects in detail, below in conjunction with embodiment and coordinate attached Figure is explained in detail.
The design of most critical of the present invention is:Violence travels through out 2 bytes of a high position of NTHash values corresponding to password information Value, by establishing the concordance list of the two, subsequently can quickly obtain password information corresponding to suspicious NTHash values.
Referring to Fig. 1, a kind of PPTP VPN password methods of calibration, including:
Obtain the certification hash value and certification response value of PPTP VPN passwords;
According to the value of 8 bytes of low level of certification hash value and the value of 8 bytes of a high position of certification response value, pass through violence Traversal, obtains the value of 2 bytes of a high position of NTHash values corresponding to the certification hash value and certification response value;
According to the value of the byte of a high position 2 of NTHash values and its corresponding password information, concordance list, the password information are generated Including certification hash value and certification response value;
Generate password by way of default password traversal, and obtained according to the cryptographic calculations corresponding suspicious NTHash values;
According to the value of 2 bytes of a high position of the suspicious NTHash values, the certification corresponding to acquisition from the concordance list Hash value and certification response value;
According to the corresponding certification hash value and certification response value, the suspicious NTHash values are verified.
It was found from foregoing description, the beneficial effects of the present invention are:Travel time can be reduced, improves verification efficiency.
Further, the password information is included in the value and certification response value of 8 bytes of low level of certification hash value Between 8 bytes of 8 bytes or low level value.
Seen from the above description, because the data that subsequent check is mainly used are 8 bytes of low level of certification hash value The value of value and 8 bytes of the byte of centre 8 or low level of certification response value, therefore only store these information and can complete to verify, And the space-consuming of concordance list can be reduced.
Further, it is described " according to the corresponding certification hash value and certification response value, to the suspicious NTHash values Verified " be specially:
Line translation is entered to the value of 7 bytes of low level of the suspicious NTHash values, generates the encryption key of 8 bytes;
According to the encryption key, to the value of 8 bytes of low level of certification hash value corresponding to the suspicious NTHash values Des encryption is carried out, obtains the first ciphertext;
Judging the value of 8 bytes of low level of first ciphertext certification response value corresponding with the suspicious NTHash values is It is no identical;
If so, then judge that verification passes through;
If it is not, then judge that verification does not pass through.
Seen from the above description, because the value of 8 bytes of low level of certification response value is 8 words of low level of certification hash value What the value of section obtained after one group of des encryption, and encryption key is being worth to according to 7 bytes of low level of NTHash values , utilize the feature, you can the suspicious NTHash values are verified.
Further, it is described " according to the corresponding certification hash value and certification response value, to the suspicious NTHash values Verified " be specially:
Line translation is entered to the value of 3rd byte to 9th byte of the suspicious NTHash values from a high position to low level, generated The encryption key of 8 bytes;
According to the encryption key, to the value of 8 bytes of low level of certification hash value corresponding to the suspicious NTHash values Des encryption is carried out, obtains the second ciphertext;
Judging the value of 8 bytes in centre of certification response value corresponding to second ciphertext and the suspicious NTHash values is It is no identical;
If so, then judge that verification passes through;
If it is not, then judge that verification does not pass through.
Seen from the above description, because the value of 8 bytes in centre of certification response value is 8 words of low level of certification hash value What the value of section obtained after one group of des encryption, and encryption key is the 3rd from a high position to the low level word according to NTHash values Being worth to the 9th byte is saved, utilizes the feature, you can the suspicious NTHash values are verified.
Further, after described " if so, then judging that verification passes through ", further comprise:
According to the corresponding certification hash value and certification response value, complete checks are carried out to the suspicious NTHash values;
If verification passes through, judge the suspicious NTHash values for corresponding to the certification hash value and certification response value NTHash values.
Seen from the above description, after by above-mentioned verification, represent that the corresponding reorganization password information of the suspicious NTHash values is Great possibility, now completely verified, be further ensured that the accuracy of result.
Further, it is described " generate password by way of default password traversal, and according to the cryptographic calculations obtain with Suspicious NTHash values corresponding to it " are specially:
Password is generated by way of violence traversal or dictionary traversal;
The password is subjected to MD4 cryptographic calculations, obtains suspicious NTHash values corresponding with the password.
Seen from the above description, due to the NTHash values of user cipher available 16 byte after MD4 AESs, profit With the feature, substantial amounts of suspicious NTHash values can be calculated according to the password largely traveled through out.
It is further, described that " according to the value of the byte of a high position 2 of NTHash values and its corresponding password information, generation indexes Table " is specially:
The first concordance list, the second concordance list and the 3rd concordance list are built, in first concordance list and the second concordance list Index address is the first index address, and the value of first index address is respectively 0-65535, the rope in the 3rd concordance list It is the second index address to draw address;
Password information is stored into the 3rd concordance list, obtains the second index address corresponding to the password information;
The mark stored in the first index address for matching the value of the byte of a high position 2 with NTHash values in the first concordance list Will position is provided with valid value, and the flag bit stored in other first index addresses is arranged into invalid value;
The first of the value matching of the byte of a high position 2 of NTHash values corresponding with a password information is obtained in the second concordance list Index address;
Judge whether the first index address of the matching is occupied;
If it is not, the second index address corresponding to a password information is then write to the first index address of the matching In;
If so, the first index address that the second index address corresponding to a password information is then write to the matching is suitable Next unappropriated first index address prolonged;
If the height of the value NTHash values corresponding with a password information of the byte of a high position 2 of NTHash values corresponding to existing Other password informations of the value identical of 2 bytes of position, then will the second rope corresponding to other described password informations in the second concordance list Draw address and write next unappropriated first index address that the 3rd index address is postponed successively, the 3rd index address is It is stored with the first index address of the second index address corresponding to a password information.
Seen from the above description, concordance list is divided into three, FPGA treatment effeciency can be made optimal.
Further, it is described " according to the value of 2 bytes of a high position of the suspicious NTHash values, to be obtained from the concordance list Certification hash value and certification response value corresponding to taking;According to the corresponding certification hash value and certification response value, to it is described can NTHash values are doubted to be verified " be specially:
Judge the first index matched in first concordance list with the value of 2 bytes of a high position of the suspicious NTHash values Whether the flag bit stored in address is virtual value;
If so, then the suspicious NTHash values are stored into FIFO memory;
Obtain a suspicious NTHash values successively from the FIFO memory;
The the first index ground matched with the value of the byte of a high position 2 of described one suspicious NTHash values is obtained in the second concordance list The second index address stored in location;
According to the second acquired index address, the password information corresponding to acquisition in the 3rd concordance list;
According to the corresponding password information, NTHash values suspicious to described one verify;
Obtain next first rope that the first index address of the value matching of the byte of a high position 2 of the suspicious NTHash values is postponed Draw address;
Judge whether next first index address is stored with effective second index address;
If it is not, then judge to complete the verification of a suspicious NTHash values;
If so, then obtain the second index address stored in next first index address;
According to the second acquired index address, the password information corresponding to acquisition in the 3rd concordance list;
According to the corresponding password information, NTHash values suspicious to described one verify;
Obtain next first index address of next first index address;
Continue executing with and described the step of whether next first index address is stored with effective second index address judged.
Seen from the above description, it is ensured that each group of password information is all verified corresponding to suspicious NTHash values.
The present invention also proposes a kind of computer-readable recording medium, is stored thereon with computer program, described program is located The step of reason device realizes method as described above when performing.
Embodiment one
Fig. 1 is refer to, embodiments of the invention one are:A kind of PPTP VPN password methods of calibration, comprise the following steps:
S1:Obtain the certification hash value and certification response value of PPTP VPN passwords;From PPTP VPN password communication messages The certification response value (ChallengeResponse) of 24 bytes can be directly obtained in cleartext information and calculates 20 bytes indirectly Certification hash value (ChallengeHash).
S2:According to the value of 8 bytes of low level of certification hash value and the value of 8 bytes of a high position of certification response value, pass through Violence travels through, and obtains the value of 2 bytes of a high position of NTHash values corresponding to the certification hash value and certification response value;Due to inciting somebody to action The value of 2 bytes of a high position of NTHash values is used as encryption key after particular transform, to 8 bytes of low level of certification hash value Value the values of 8 bytes of a high position that can obtain certification response value is encrypted, therefore, traveled through, can be recognized by violence Demonstrate,prove the value of 2 bytes of a high position of NTHash values corresponding to hash value and certification response value.
S3:According to the value of the byte of a high position 2 of NTHash values and its corresponding password information, concordance list, the password are generated Information includes certification hash value and certification response value;Can be using the value of the byte of a high position 2 of NTHash values as index address, index ground Corresponding with the NTHash values certification hash value and certification response value are stored in location;Due to there may be password letter more than two NTHash values are identical corresponding to breath, therefore, if an only concordance list, may be stored with an index address more than two Password information.
Further, when concordance list is one, the scope of index address can only include the byte of a high position 2 of NTHash values Index address corresponding to value, the scope of index address can be also set to 0-65535 (2 16 power index addresses altogether), this When, the field of concordance list may include index address, flag bit, password number and password information, and the flag bit is used to mark the rope Draw whether address is effective, i.e., whether have the value of the byte of a high position 2 of NTHash values matched, if the high position in the presence of a NTHash values The value of 2 bytes matches with the index address, then flag bit corresponding to the index address is provided with into valid value;The password Number is used for the group number for recording password information corresponding to NTHash values corresponding with the index address;The password information is used to remember Password information corresponding to record NTHash values corresponding with the index address.
S4:Generate password by way of default password traversal, and according to the cryptographic calculations obtain it is corresponding can Doubt NTHash values;Further, password is generated by way of violence traversal or dictionary traversal, password progress MD4 is added Close, obtained ciphertext is suspicious NTHash values corresponding with the password.Each password can calculate a suspicious NTHash value.
S5:According to the value of 2 bytes of a high position of the suspicious NTHash values, the certification corresponding to acquisition from the concordance list Hash value and certification response value;
S6:According to the corresponding certification hash value and certification response value, the suspicious NTHash values are verified.If One suspicious NTHash values have got password information more than two, then are verified respectively.
Further, the step S6 may include the one of which in following two specific verification modes, can also be two kinds It is carried out;
First, as shown in Fig. 2 comprise the following steps:
S601:Line translation is entered to the value of 7 bytes of low level of the suspicious NTHash values, the encryption for generating 8 bytes is close Key;
S602:According to the encryption key, to 8 bytes of low level of certification hash value corresponding to the suspicious NTHash values Value carry out des encryption, obtain the first ciphertext;
S603:Judge 8 bytes of low level of first ciphertext certification response value corresponding with the suspicious NTHash values Value it is whether identical, if so, step S604 is then performed, if it is not, then performing step S605;
S604:Judge that verification passes through;
S605:Judge that verification does not pass through.
Second, as shown in figure 3, comprise the following steps:
S611:To 3rd byte of the suspicious NTHash values from a high position to low level to the 9th byte (or from low level To a high position the 8th byte to the 14th byte) value enter line translation, generate the encryption key of 8 bytes;
S612:According to the encryption key, to 8 bytes of low level of certification hash value corresponding to the suspicious NTHash values Value carry out des encryption, obtain the second ciphertext;
S613:Judge the byte of centre 8 of certification response value corresponding to second ciphertext and the suspicious NTHash values Value it is whether identical, if so, step S614 is then performed, if it is not, then performing step S615;
S614:Judge that verification passes through;
S615:Judge that verification does not pass through.
The position for differing only in 7 bytes of acquisition from suspicious NTHash values of above two mode is different, and The position of 8 bytes of the certification response value matched somebody with somebody is different.
Wherein, because certification response value is 24 bytes, therefore 8 bytes of a high position for certification response value are i.e. from a high position to low 1st byte of position to the 8th byte, middle 8 bytes be the 9th byte to the 16th byte, 8 bytes of low level are the 17th Individual byte is to the 24th byte.
Further, can will be every in the value of 7 bytes of suspicious NTHash values for the conversion in the S601 and S611 An identical binary number (0 or 1) is inserted every 7bit, you can obtains the value of 8 bytes.
Further, when step S6 only carries out the one of which of above two verification mode, due to need to only use certification The value of the value of 8 bytes of low level of hash value and 8 bytes of the byte of centre 8 or low level of certification response value, therefore, the mouth Information is made to only include the value of 8 bytes of low level and the byte of centre 8 of certification response value or low level 8 of certification hash value The value of byte, so as to reduce the space-consuming of concordance list.When step S6 is carried out to above two verification mode, then password Information includes 8 words of value and low level of the value of 8 bytes of low level of certification hash value and the byte of centre 8 of certification response value The value of section.
Further, after step S604 and S614, can according to the corresponding certification hash value and certification response value, Complete checks are carried out to the suspicious NTHash values.Specifically, will the suspicious NTHash values 2 bytes of a high position, centre 7 7 bytes of individual byte and low level obtain three groups of DES encryption key after conversion respectively, then respectively to certification hash value The value of 8 bytes of low level carries out des encryption, by obtain three groups of ciphertexts respectively the value with 8 bytes of a high position of certification response value, The value of 8 bytes of value and low level of middle 8 bytes is matched, if all identical, it is institute to judge the suspicious NTHash values State NTHash values corresponding to certification hash value and certification response value.
The present embodiment only needs the encryption key for traveling through 2 bytes just can be quick extensive using one of which des encryption algorithm Corresponding to appearing again the characteristics of the value of 2 bytes of a high position of NTHash values, by the values of 2 bytes of a high position for establishing NTHash values and The concordance list of certification hash value and certification response value, then generate password and calculate suspicious NTHash values, and index of reference table is tentatively looked for Certification hash value and certification response value, are then further verified corresponding to going out, and so as to realize, once traversal is completed to multigroup Password carries out the process of parallel check.Travel time can be reduced, improves verification efficiency.
Embodiment two
The present embodiment is the further expansion of step S3, S5 and S6 in embodiment one.
As shown in figure 4, the step S3 comprises the following steps:
S301:Build the first concordance list, the second concordance list and the 3rd concordance list, first concordance list and the second concordance list In index address be the first index address, the value of first index address is respectively 0-65535, in the 3rd concordance list Index address be the second index address.
S302:Password information is stored into the 3rd concordance list, obtains the second index address corresponding to the password information; Password information is stored into the space of the second index address in the 3rd concordance list, in the space of each second index address Only store one group of password information.
S303:Deposited in the first index address for matching the value of the byte of a high position 2 with NTHash values in the first concordance list The flag bit of storage is provided with valid value, and the flag bit stored in other first index addresses is arranged into invalid value;If for example, The value of the byte of a high position 2 of NTHash values corresponding to one group of password information is 0x1F10, then the first index ground in the first concordance list Location is that default virtual value (such as 1) is write in 0x1F10 space, and the value for representing the byte of a high position 2 of NTHash values is the address During value, corresponding password information be present;As the NTHash values of the password information of whole the byte of a high position 2 value not with one first Index address is matched, then default invalid value (such as 0) is write in the space of first index address, represents a high position for NTHash values When the value of 2 bytes is the value of the address, in the absence of corresponding password information.
S304:The value matching of the byte of a high position 2 of NTHash values corresponding with a password information is obtained in the second concordance list The first index address;
S305:Judge whether the first index address of the matching is occupied, if it is not, step S306 is then performed, if so, Then perform step S307.
S306:Second index address corresponding to one password information is write in the first index address of the matching; Perform step S308.
S307:The first index address that second index address corresponding to one password information is write to the matching is postponed Next unappropriated first index address;Perform step S308.
S308:Other password informations are judged whether, the word of a high position 2 of NTHash values corresponding to other described password informations The value of section is identical with the value of the byte of a high position 2 of NTHash values corresponding to a password information, if so, then performing step S309.
S309:The second index address corresponding to other described password informations is write into the 3rd rope successively in the second concordance list Draw next unappropriated first index address that address is postponed, the 3rd index address is to be stored with a password information First index address of corresponding second index address.
For step S304-S309, i.e., re-scheduling processing is carried out to the second concordance list.Specifically, it is more than two when occurring It is when the value of the byte of a high position 2 of NTHash values corresponding to password information is identical, it is necessary to its corresponding first index address is backward suitable Prolong;For example, the value for having the byte of a high position 2 of NTHash values corresponding to two groups of password information is all 0x1F10, then one group of password letter The second index address is inserted in 0x1F10 addresses corresponding to breath, and the second index address corresponding to another group of password information should then be inserted In 0x1F11 addresses.If the value of the byte of a high position 2 of NTHash values corresponding to one group of password information has uniqueness, but corresponding Address space is occupied, it is also desirable to postpones backward;For example, when the word of a high position 2 of NTHash values corresponding to previous group password information The value of section is 0x1F11, and above-mentioned middle 0x1F11 address spaces are occupied, then currently organizes the second rope corresponding to password information Drawing address should insert in 0x1F12 addresses.If the value in the presence of the byte of a high position 2 of NTHash values corresponding to two groups of password informations is 0x1F11, and 0x1F11 address spaces are occupied, then the second index address corresponding to one group of password information inserts 0x1F12 In address, the second index address corresponding to another group of password information is inserted in 0x1F13 addresses, by that analogy.
, can be in these the first indexes for unappropriated first index address in the second concordance list after step S309 Default invalid value (such as 0x1FFF) is inserted in address.
It was found from above-mentioned steps, in the present embodiment, concordance list is divided into three concordance lists, respectively the first concordance list, Two concordance lists and the 3rd concordance list.
The space size of first concordance list is 65536 × 1, and index address scope is 0-65535, each address space storage The flag bit of 1bit information, i.e. 1bit, in the present embodiment, 0 represents invalid value, and 1 represents virtual value.
The space size of second concordance list is 65536 × 13, and index address scope is 0-65535, and each address space is deposited 13bit information is put, represents the index address of the 3rd concordance list, and it is invalid value to arrange 0x1FFF.
The space size of 3rd concordance list is 8192 × 128, and index address scope is 0-8191, each address space storage The value of 8 bytes of low level and the byte of centre 8 or low level 8 of certification response value of 128bit information, specially certification hash value The value of individual byte.
The purpose of first concordance list is that preliminary screening is carried out to suspicious NThash values, suspicious to prevent from filtering out NTHash values quantity excessively causes cache overflow below, and the effective information number in the first concordance list is no more than table space in theory 1/8th, i.e. a group index table (above-mentioned three concordance lists are a group index table) stores up to 8000 groups or so of password Information.Therefore, 8192 index addresses are provided with the 3rd concordance list, i.e., 2 13 powers are therefore, each in the second concordance list Address space deposits 13bit information.If the password information more than 8000 groups need to be verified simultaneously, multigroup concordance list can be set.
Step S3 can be performed by CPU, and then obtained above-mentioned three concordance lists are configured in table space corresponding to FPGA, And configure password traversal mode.
In step S4, FPGA travels through mode according to the password of configuration and generates password, and each password calculates can corresponding to one Doubt NTHash values.
Because the storage mode of concordance list in step S3 is improved, step S5, S6 is also improved therewith.
As shown in figure 5, corresponding above-mentioned steps S3 step S5, S6 comprises the following steps:
S501:Judge matched in first concordance list with the value of 2 bytes of a high position of the suspicious NTHash values Whether the flag bit stored in one index address is virtual value;If so, then perform step S502.An if for example, suspicious NTHash The value of 2 bytes of a high position of value is 0x1F10, and the information in the first concordance list in the space of 0x1F10 addresses is 1, and representative has Valid value, then step S502 is performed, the suspicious NTHash values is otherwise abandoned, next suspicious NTHash values is judged.
S502:The suspicious NTHash values are stored into FIFO memory;, can because FPGA is using the design of full flowing water It is to prevent that occurring current NTHash values in following step is not handled also to doubt NTHash values and store to the purpose of FIFO memory Complete flow below is carried out a NTHash value and led to a conflict again.
S503:A suspicious NTHash values are obtained from the FIFO memory;
S504:First matched with the value of the byte of a high position 2 of described one suspicious NTHash values is obtained in the second concordance list The second index address stored in index address;
S505:According to the second acquired index address, the password information corresponding to acquisition in the 3rd concordance list;
S506:According to the corresponding password information, NTHash values suspicious to described one verify;The step is suitable Step S6 in embodiment one;
S507:Next first index address postponed is obtained, i.e. ad=ad+1, ad initial value are current suspicious NTHash The value of the byte of a high position 2 of value;
S508:Judge whether next first index address is stored with effective second index address, that is, judge whether Storage is the second index address in the 3rd concordance list, rather than invalid value (0x1FFF);If so, step S509 is performed, if It is no, then judge to complete the verification of a suspicious NTHash values, next suspicious NTHash values are obtained from the FIFO memory, Step S503 is performed, until the suspicious NTHash values in FIFO memory have all traveled through.
S509:Obtain the second index address stored in next first index address;Return and perform step S505.
That is, reading a suspicious NTHash value from FIFO memory, the value of its 2 byte of high position is taken to be used as the The index address of two concordance lists, read out corresponding to the second index address, further according to second index address from the 3rd concordance list In read out corresponding to password information verified, complete this time verification after, also need to be successively read the index in the second concordance list The value in address space behind address is further verified, until the value in the second concordance list in index address is invalid Untill value 0x1FFF, the verification completed to current suspicious NTHash values is just calculated, can just be read again from FIFO memory next Suspicious NTHash values.
For example, is stored with the second concordance list, in 0x1F10,0x1F11,0x1F12,0x1F13 address space Two index addresses, that store in 0x1F14 address space is invalid value 0x1FFF, if a then high position 2 for a suspicious NTHash values The value of byte is 0x1F10, then needs to obtain the second rope in tetra- address spaces of 0x1F10,0x1F11,0x1F12,0x1F13 successively Draw address, after obtaining the second index address in an address space, obtained according to second index address from the 3rd concordance list Password information corresponding to taking is verified, and obtains the second index information in next address space after the completion of this time verification again, according to It is secondary to analogize.
Concordance list is divided into three by the present embodiment, can make FPGA efficiency optimization;In the second concordance list from it is suspicious The second index address is obtained in the space of first index address of the value matching of 2 bytes of a high position of NTHash values, so as to obtain After corresponding password information is verified, the second index address in address space below is also obtained successively, and also to corresponding Password information verified, ensure that each group of password information corresponding to the suspicious NTHash values is all verified.
Embodiment three
The present embodiment is a kind of computer-readable recording medium of corresponding above-described embodiment, is stored thereon with computer journey Sequence, following steps are realized when described program is executed by processor:
Obtain the certification hash value and certification response value of PPTP VPN passwords;
According to the value of 8 bytes of low level of certification hash value and the value of 8 bytes of a high position of certification response value, pass through violence Traversal, obtains the value of 2 bytes of a high position of NTHash values corresponding to the certification hash value and certification response value;
According to the value of the byte of a high position 2 of NTHash values and its corresponding password information, concordance list, the password information are generated Including certification hash value and certification response value;
Generate password by way of default password traversal, and obtained according to the cryptographic calculations corresponding suspicious NTHash values;
According to the value of 2 bytes of a high position of the suspicious NTHash values, the certification corresponding to acquisition from the concordance list Hash value and certification response value;
According to the corresponding certification hash value and certification response value, the suspicious NTHash values are verified.
Further, the password information is included in the value and certification response value of 8 bytes of low level of certification hash value Between 8 bytes of 8 bytes or low level value.
Further, it is described " according to the corresponding certification hash value and certification response value, to the suspicious NTHash values Verified " be specially:
Line translation is entered to the value of 7 bytes of low level of the suspicious NTHash values, generates the encryption key of 8 bytes;
According to the encryption key, to the value of 8 bytes of low level of certification hash value corresponding to the suspicious NTHash values Des encryption is carried out, obtains the first ciphertext;
Judging the value of 8 bytes of low level of first ciphertext certification response value corresponding with the suspicious NTHash values is It is no identical;
If so, then judge that verification passes through;
If it is not, then judge that verification does not pass through.
Further, it is described " according to the corresponding certification hash value and certification response value, to the suspicious NTHash values Verified " be specially:
Line translation is entered to the value of 3rd byte to 9th byte of the suspicious NTHash values from a high position to low level, generated The encryption key of 8 bytes;
According to the encryption key, to the value of 8 bytes of low level of certification hash value corresponding to the suspicious NTHash values Des encryption is carried out, obtains the second ciphertext;
Judging the value of 8 bytes in centre of certification response value corresponding to second ciphertext and the suspicious NTHash values is It is no identical;
If so, then judge that verification passes through;
If it is not, then judge that verification does not pass through.
Further, after described " if so, then judging that verification passes through ", further comprise:
According to the corresponding certification hash value and certification response value, complete checks are carried out to the suspicious NTHash values;
If verification passes through, judge the suspicious NTHash values for corresponding to the certification hash value and certification response value NTHash values.
Further, it is described " generate password by way of default password traversal, and according to the cryptographic calculations obtain with Suspicious NTHash values corresponding to it " are specially:
Password is generated by way of violence traversal or dictionary traversal;
The password is subjected to MD4 cryptographic calculations, obtains suspicious NTHash values corresponding with the password.
It is further, described that " according to the value of the byte of a high position 2 of NTHash values and its corresponding password information, generation indexes Table " is specially:
The first concordance list, the second concordance list and the 3rd concordance list are built, in first concordance list and the second concordance list Index address is the first index address, and the value of first index address is respectively 0-65535, the rope in the 3rd concordance list It is the second index address to draw address;
Password information is stored into the 3rd concordance list, obtains the second index address corresponding to the password information;
The mark stored in the first index address for matching the value of the byte of a high position 2 with NTHash values in the first concordance list Will position is provided with valid value, and the flag bit stored in other first index addresses is arranged into invalid value;
The first of the value matching of the byte of a high position 2 of NTHash values corresponding with a password information is obtained in the second concordance list Index address;
Judge whether the first index address of the matching is occupied;
If it is not, the second index address corresponding to a password information is then write to the first index address of the matching In;
If so, the first index address that the second index address corresponding to a password information is then write to the matching is suitable Next unappropriated first index address prolonged;
If the height of the value NTHash values corresponding with a password information of the byte of a high position 2 of NTHash values corresponding to existing Other password informations of the value identical of 2 bytes of position, then will the second rope corresponding to other described password informations in the second concordance list Draw address and write next unappropriated first index address that the 3rd index address is postponed successively, the 3rd index address is It is stored with the first index address of the second index address corresponding to a password information.
Further, it is described " according to the value of 2 bytes of a high position of the suspicious NTHash values, to be obtained from the concordance list Certification hash value and certification response value corresponding to taking;According to the corresponding certification hash value and certification response value, to it is described can NTHash values are doubted to be verified " be specially:
Judge the first index matched in first concordance list with the value of 2 bytes of a high position of the suspicious NTHash values Whether the flag bit stored in address is virtual value;
If so, then the suspicious NTHash values are stored into FIFO memory;
Obtain a suspicious NTHash values successively from the FIFO memory;
The the first index ground matched with the value of the byte of a high position 2 of described one suspicious NTHash values is obtained in the second concordance list The second index address stored in location;
According to the second acquired index address, the password information corresponding to acquisition in the 3rd concordance list;
According to the corresponding password information, NTHash values suspicious to described one verify;
Obtain next first rope that the first index address of the value matching of the byte of a high position 2 of the suspicious NTHash values is postponed Draw address;
Judge whether next first index address is stored with effective second index address;
If it is not, then judge to complete the verification of a suspicious NTHash values;
If so, then obtain the second index address stored in next first index address;
According to the second acquired index address, the password information corresponding to acquisition in the 3rd concordance list;
According to the corresponding password information, NTHash values suspicious to described one verify;
Obtain next first index address of next first index address;
Continue executing with and described the step of whether next first index address is stored with effective second index address judged.
In summary, a kind of PPTP VPN passwords method of calibration provided by the invention and computer-readable recording medium, profit The encryption key for only being needed to travel through 2 bytes with one of which des encryption algorithm just can quickly recover corresponding NTHash values 2 bytes of a high position value the characteristics of, should by value and the certification hash value and certification for 2 bytes of a high position for establishing NTHash values The concordance list of value is answered, password is then generated and calculates suspicious NTHash values, and index of reference table tentatively finds out corresponding certification hash value With certification response value, then further verified, so as to realize that once traversal is completed to carry out parallel check to multigroup password Process.The present invention can reduce travel time, improve verification efficiency.
Embodiments of the invention are the foregoing is only, are not intended to limit the scope of the invention, it is every to utilize this hair The equivalents that bright specification and accompanying drawing content are made, or the technical field of correlation is directly or indirectly used in, similarly include In the scope of patent protection of the present invention.

Claims (9)

  1. A kind of 1. PPTP VPN password methods of calibration, it is characterised in that including:
    Obtain the certification hash value and certification response value of PPTP VPN passwords;
    According to the value of 8 bytes of low level of certification hash value and the value of 8 bytes of a high position of certification response value, pass through violence time Go through, obtain the value of 2 bytes of a high position of NTHash values corresponding to the certification hash value and certification response value;
    According to the value of the byte of a high position 2 of NTHash values and its corresponding password information, concordance list is generated, the password information includes Certification hash value and certification response value;
    Password is generated by way of default password traversal, and corresponding suspicious NTHash is obtained according to the cryptographic calculations Value;
    According to the value of 2 bytes of a high position of the suspicious NTHash values, the certification hash value corresponding to acquisition from the concordance list With certification response value;
    According to the corresponding certification hash value and certification response value, the suspicious NTHash values are verified.
  2. 2. PPTP VPN password methods of calibration according to claim 1, it is characterised in that the password information includes certification The value of the value of 8 bytes of low level of hash value and 8 bytes of the byte of centre 8 or low level of certification response value.
  3. 3. PPTP VPN password methods of calibration according to claim 1, it is characterised in that described " according to described corresponding Certification hash value and certification response value, the suspicious NTHash values are verified " be specially:
    Line translation is entered to the value of 7 bytes of low level of the suspicious NTHash values, generates the encryption key of 8 bytes;
    According to the encryption key, the value of 8 bytes of low level of certification hash value corresponding to the suspicious NTHash values is carried out Des encryption, obtain the first ciphertext;
    Judge 8 bytes of low level of first ciphertext certification response value corresponding with the suspicious NTHash values value whether phase Together;
    If so, then judge that verification passes through;
    If it is not, then judge that verification does not pass through.
  4. 4. PPTP VPN password methods of calibration according to claim 1, it is characterised in that described " according to described corresponding Certification hash value and certification response value, the suspicious NTHash values are verified " be specially:
    Line translation is entered to the value of 3rd byte to 9th byte of the suspicious NTHash values from a high position to low level, generates 8 The encryption key of byte;
    According to the encryption key, the value of 8 bytes of low level of certification hash value corresponding to the suspicious NTHash values is carried out Des encryption, obtain the second ciphertext;
    Judge 8 bytes in centre of certification response value corresponding to second ciphertext and the suspicious NTHash values value whether phase Together;
    If so, then judge that verification passes through;
    If it is not, then judge that verification does not pass through.
  5. 5. the PPTP VPN password methods of calibration according to claim 3 or 4, it is characterised in that described " if so, then judging Verification passes through " after, further comprise:
    According to the corresponding certification hash value and certification response value, complete checks are carried out to the suspicious NTHash values;
    If verification passes through, judge the suspicious NTHash values for NTHash corresponding to the certification hash value and certification response value Value.
  6. 6. PPTP VPN password methods of calibration according to claim 1, it is characterised in that described " to pass through default password Traversal mode generates password, and obtains corresponding suspicious NTHash values according to the cryptographic calculations " be specially:
    Password is generated by way of violence traversal or dictionary traversal;
    The password is subjected to MD4 cryptographic calculations, obtains suspicious NTHash values corresponding with the password.
  7. 7. PPTP VPN password methods of calibration according to claim 1, it is characterised in that described " according to NTHash values The value and its corresponding password information of high-order 2 bytes, generate concordance list " be specially:
    Build the first concordance list, the second concordance list and the 3rd concordance list, the index in first concordance list and the second concordance list Address is the first index address, and the value of first index address is respectively 0-65535, the index in the 3rd concordance list Location is the second index address;
    Password information is stored into the 3rd concordance list, obtains the second index address corresponding to the password information;
    The flag bit stored in the first index address for matching the value of the byte of a high position 2 with NTHash values in the first concordance list Valid value is provided with, the flag bit stored in other first index addresses is arranged to invalid value;
    The first index of the value matching of the byte of a high position 2 of NTHash values corresponding with a password information is obtained in the second concordance list Address;
    Judge whether the first index address of the matching is occupied;
    If it is not, then the second index address corresponding to a password information is write in the first index address of the matching;
    If so, then the first index address of the second index address write-in matching corresponding to a password information is postponed Next unappropriated first index address;
    An if high position 2 for the value NTHash values corresponding with a password information of the byte of a high position 2 of NTHash values corresponding to existing Other password informations of the value identical of byte, then will the second index ground corresponding to other described password informations in the second concordance list Location writes next unappropriated first index address that the 3rd index address is postponed successively, and the 3rd index address is storage There is the first index address that described a bite makes the second index address corresponding to information.
  8. 8. PPTP VPN password methods of calibration according to claim 7, it is characterised in that described " according to described suspicious The value of 2 bytes of a high position of NTHash values, certification hash value and certification response value corresponding to acquisition from the concordance list;According to Certification hash value and certification response value, are verified to the suspicious NTHash values corresponding to described " be specially:
    Judge the first index address matched in first concordance list with the value of 2 bytes of a high position of the suspicious NTHash values Whether the flag bit of middle storage is virtual value;
    If so, then the suspicious NTHash values are stored into FIFO memory;
    Obtain a suspicious NTHash values successively from the FIFO memory;
    Obtained in the second concordance list in the first index address matched with the value of the byte of a high position 2 of described one suspicious NTHash values Second index address of storage;
    According to the second acquired index address, the password information corresponding to acquisition in the 3rd concordance list;
    According to the corresponding password information, NTHash values suspicious to described one verify;
    Obtain next first index ground that the first index address of the value matching of the byte of a high position 2 of the suspicious NTHash values is postponed Location;
    Judge whether next first index address is stored with effective second index address;
    If it is not, then judge to complete the verification of a suspicious NTHash values;
    If so, then obtain the second index address stored in next first index address;
    According to the second acquired index address, the password information corresponding to acquisition in the 3rd concordance list;
    According to the corresponding password information, NTHash values suspicious to described one verify;
    Obtain next first index address of next first index address;
    Continue executing with and described the step of whether next first index address is stored with effective second index address judged.
  9. 9. a kind of computer-readable recording medium, is stored thereon with computer program, it is characterised in that described program is by processor The step of method as described in claim any one of 1-8 is realized during execution.
CN201710665048.8A 2017-08-07 2017-08-07 PPTP VPN password verification method and computer readable storage medium Active CN107566123B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710665048.8A CN107566123B (en) 2017-08-07 2017-08-07 PPTP VPN password verification method and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710665048.8A CN107566123B (en) 2017-08-07 2017-08-07 PPTP VPN password verification method and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN107566123A true CN107566123A (en) 2018-01-09
CN107566123B CN107566123B (en) 2021-04-27

Family

ID=60975190

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710665048.8A Active CN107566123B (en) 2017-08-07 2017-08-07 PPTP VPN password verification method and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN107566123B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111181972A (en) * 2019-12-31 2020-05-19 厦门市美亚柏科信息股份有限公司 Processing method and device for PPTP data real-time analysis
CN112751821A (en) * 2020-07-29 2021-05-04 上海安辰网络科技有限公司 Data transmission method, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130212387A1 (en) * 2011-08-31 2013-08-15 Jon Oberheide System and method for delivering a challenge response in an authentication protocol
US20150195251A1 (en) * 2014-01-09 2015-07-09 Electronics And Telecommunications Research Institute Packet analysis apparatus and method and virtual private network server
CN105847247A (en) * 2016-03-21 2016-08-10 飞天诚信科技股份有限公司 Authentication system and working method thereof
CN106789524A (en) * 2016-11-24 2017-05-31 中国电子科技集团公司第三十研究所 The high speed parsing of VPN encrypted tunnels and restoring method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130212387A1 (en) * 2011-08-31 2013-08-15 Jon Oberheide System and method for delivering a challenge response in an authentication protocol
US20150195251A1 (en) * 2014-01-09 2015-07-09 Electronics And Telecommunications Research Institute Packet analysis apparatus and method and virtual private network server
CN105847247A (en) * 2016-03-21 2016-08-10 飞天诚信科技股份有限公司 Authentication system and working method thereof
CN106789524A (en) * 2016-11-24 2017-05-31 中国电子科技集团公司第三十研究所 The high speed parsing of VPN encrypted tunnels and restoring method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
刘建: "基于专用字典的密码破解方法研究与应用", 《中国优秀硕士学问论文全文数据库信息科技辑》 *
此号被封: "破解PPTP加密类型的VPN", 《安全脉搏》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111181972A (en) * 2019-12-31 2020-05-19 厦门市美亚柏科信息股份有限公司 Processing method and device for PPTP data real-time analysis
CN112751821A (en) * 2020-07-29 2021-05-04 上海安辰网络科技有限公司 Data transmission method, electronic equipment and storage medium
CN112751821B (en) * 2020-07-29 2022-12-13 上海安辰网络科技有限公司 Data transmission method, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN107566123B (en) 2021-04-27

Similar Documents

Publication Publication Date Title
US10778441B2 (en) Redactable document signatures
CN109716375B (en) Block chain account processing method, device and storage medium
JP2776491B2 (en) Tag determination method and device
US20160358165A1 (en) Cryptographically concealing amounts transacted on a ledger while preserving a network's ability to verify the transaction
CN108737374A (en) The method for secret protection that data store in a kind of block chain
CN106610995B (en) Method, device and system for creating ciphertext index
CN111325535A (en) Block chain private key management method, system and storage medium based on elliptic curve migration
CN117640256B (en) Data encryption method, recommendation device and storage medium of wireless network card
CN108985102A (en) Data integrity verification method, device, system and storage medium
CN111698222B (en) Covert communication method of special bitcoin address generated based on vanitygen
CN107566123A (en) PPTP VPN passwords methods of calibration and computer-readable recording medium
CN107612969B (en) B-Tree bloom filter-based cloud storage data integrity auditing method
CN104463020A (en) Method for protecting data integrity of memory
CN111859424B (en) Data encryption method, system, terminal and storage medium of physical management platform
WO2014089843A1 (en) Method and device for data encryption and decryption
CN112217646B (en) Device and method for realizing SM3 password hash algorithm
CN105933120A (en) Spark platform-based password hash value recovery method and device
CN116208420B (en) Monitoring information safety transmission method, system, equipment and storage medium
CN109768860B (en) Encryption method, decryption method and terminal
CN104363089B (en) A kind of method that fuzzy vault is realized based on geographical location information
CN114826560B (en) Lightweight block cipher CREF implementation method and system
AU2018376027A1 (en) Online and offline circulating unbalanced oil and vinegar signature method
CN109039585A (en) Remote encryption electric power energy consumption data collecting system and method based on DES algorithm
CN106156655B (en) A kind of compressing file and authentication method towards cloud storage
Zhilyaev et al. On the question of the authentication tag length based on Reed-Solomon codes

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant