CN116599662A - Audit method and device for weak password - Google Patents
Audit method and device for weak password Download PDFInfo
- Publication number
- CN116599662A CN116599662A CN202310678840.2A CN202310678840A CN116599662A CN 116599662 A CN116599662 A CN 116599662A CN 202310678840 A CN202310678840 A CN 202310678840A CN 116599662 A CN116599662 A CN 116599662A
- Authority
- CN
- China
- Prior art keywords
- password
- weak
- encryption
- encryption parameter
- positive integer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 73
- 238000012550 audit Methods 0.000 title abstract description 26
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 48
- 230000008569 process Effects 0.000 claims abstract description 17
- 238000012545 processing Methods 0.000 claims abstract description 15
- 230000015654 memory Effects 0.000 claims description 23
- 238000004590 computer program Methods 0.000 claims description 18
- 239000011159 matrix material Substances 0.000 claims description 14
- 238000011161 development Methods 0.000 abstract description 3
- 238000004364 calculation method Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 3
- 238000012795 verification Methods 0.000 description 3
- 239000000654 additive Substances 0.000 description 2
- 230000000996 additive effect Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 239000007787 solid Substances 0.000 description 2
- 206010035148 Plague Diseases 0.000 description 1
- 241000607479 Yersinia pestis Species 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000000052 comparative effect Effects 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 238000000354 decomposition reaction Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000002474 experimental method Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000011835 investigation Methods 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/302—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the application discloses an audit method and device for weak passwords, which can be used in the financial field or other technical fields, and comprises the following steps: processing each password in the weak password set by adopting a homomorphic encryption algorithm to generate a first encryption parameter corresponding to each password in the weak password set; sending the first encryption parameters to an audited party, so that the audited party processes each password in a password database of the audited party aiming at each first encryption parameter, and generating a second encryption parameter corresponding to each password in the password database on each first encryption parameter; and determining a weak password in the password database by performing decryption operation on the second encryption parameter. The application realizes weak password audit under the condition that the password is not exposed, can give consideration to the privacy and auditability of the password, effectively supports the development of information security work and reduces security risk.
Description
Technical Field
The application relates to the technical field of information security, in particular to an auditing method and device aiming at a weak password.
Background
A weak password is a password that is easily guessed and broken. The weak password is one of the problems which plague information security work for a long time, is a non-negligible information security hidden danger, and is difficult to find an effective solution. The problem of weak password is that complicated password causes inconvenient use and memory, and violates the natural habit of people. The problem of weak passwords needs to be solved by means of novel verification technologies, such as multi-factor verification, biological feature recognition, centralized verification platform and the like, and weak password investigation work needs to be carried out from the audit point of view.
The data audit is a requirement put forward in the process of digitization and networking transformation of various industries, and is the extension of the traditional audit work in the information age. Under the prior art system, the password is data stored in a database of a server side, and whether the password is a weak password or not is checked by means of an audit method, so that problems can be better found and correction can be performed. The password data is highly private and sensitive risk data, and direct reference is exposed to serious information security risks. How to perform weak password audit work without obtaining a specific password value is a technical problem to be solved urgently in the field.
Disclosure of Invention
The application provides an auditing method and device for a weak password in order to solve at least one technical problem in the background technology.
To achieve the above object, according to one aspect of the present application, there is provided an auditing method for a weak password, the method including:
processing each password in the weak password set by adopting a homomorphic encryption algorithm to generate a first encryption parameter corresponding to each password in the weak password set;
sending the first encryption parameters to an audited party, so that the audited party processes each password in a password database of the audited party aiming at each first encryption parameter, and generating a second encryption parameter corresponding to each password in the password database on each first encryption parameter;
and determining a weak password in the password database by performing decryption operation on the second encryption parameter.
Optionally, the password in the password database is obtained by encrypting the original password by the audited party through a target hash algorithm.
Optionally, before the processing of each password in the weak password set by adopting the homomorphic encryption algorithm, the method further comprises:
and encrypting each password in the weak password set by adopting the target hash algorithm.
Optionally, the determining the weak password in the password database by performing decryption operation on the second encryption parameter specifically includes:
obtaining operation results corresponding to the second encryption parameters respectively by carrying out decryption operation on the second encryption parameters;
generating a result matrix according to the operation result;
and determining a weak password in the password database according to the result matrix.
Optionally, the homomorphic encryption algorithm is adopted to process each password in the weak password set, and the generation of the first encryption parameter corresponding to each password in the weak password set specifically comprises the following steps:
generating an encryption parameter, a first positive integer x and a second positive integer i, wherein the encryption parameter comprises: a public key n, wherein a first positive integer x is the product of a and a second positive integer i, and a is the password in the weak password set;
encrypting the first positive integer x and the first positive integer n-i by using a Paillier encryption algorithm to obtain a first ciphertext C x And second ciphertext C i ;
Public key n, first ciphertext C x And second ciphertext C i And determining the first encryption parameter.
Optionally, the audited party specifically generates a third positive integer y and a fourth positive integer j, where the third positive integer y is a product of b and the fourth positive integer j, b is a password in the password database, and then generates the second encryption parameter according to the third positive integer y, the fourth positive integer j and the first encryption parameter.
Optionally, the homomorphic encryption algorithm is specifically a Paillier encryption algorithm.
To achieve the above object, according to another aspect of the present application, there is provided an auditing apparatus for a weak password, the apparatus including:
the first encryption parameter generation unit is used for processing each password in the weak password set by adopting a homomorphic encryption algorithm to generate a first encryption parameter corresponding to each password in the weak password set;
the sending unit is used for sending the first encryption parameters to an audited party so that the audited party processes each password in a password database of the audited party aiming at each first encryption parameter to generate a second encryption parameter corresponding to each password in the password database on each first encryption parameter;
and the weak password identification unit is used for determining the weak password in the password database by carrying out decryption operation on the second encryption parameter.
To achieve the above object, according to another aspect of the present application, there is also provided a computer apparatus including a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the above-described auditing method for weak passwords when the computer program is executed.
To achieve the above object, according to another aspect of the present application, there is also provided a computer-readable storage medium having stored thereon a computer program/instruction which, when executed by a processor, implements the steps of the above-described auditing method for weak passwords.
To achieve the above object, according to another aspect of the present application, there is also provided a computer program product comprising a computer program/instruction which, when executed by a processor, implements the steps of the above-described auditing method for weak passwords.
The beneficial effects of the application are as follows:
according to the embodiment of the application, the homomorphic encryption algorithm is adopted to process each password in the weak password set, so that the first encryption parameters corresponding to each password in the weak password set are generated, then the first encryption parameters are sent to the audited party, so that the audited party processes each password in the own password database aiming at each first encryption parameter, the second encryption parameters corresponding to each password in the password database on each first encryption parameter are generated, and finally the weak password in the password database is determined by carrying out decryption operation on the second encryption parameters, thereby realizing weak password audit under the condition that the passwords are not exposed, considering the privacy and auditability of the passwords, effectively supporting the development of information security work, and reducing the security risk.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art. In the drawings:
FIG. 1 is a flow chart of an audit method for a weak password according to an embodiment of the present application;
FIG. 2 is a flow chart of determining a weak password according to an embodiment of the application;
FIG. 3 is a schematic diagram of an application scenario of the present application;
FIG. 4 is a schematic diagram of the overall flow of weak password audit of the present application;
FIG. 5 is a block diagram of an audit device for weak passwords according to an embodiment of the application;
FIG. 6 is a schematic diagram of a computer device according to an embodiment of the application.
Detailed Description
In order that those skilled in the art will better understand the present application, a technical solution in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
It is noted that the terms "comprises" and "comprising," and any variations thereof, in the description and claims of the present application and in the foregoing figures, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be combined with each other. The application will be described in detail below with reference to the drawings in connection with embodiments.
It should be noted that, in the technical scheme of the application, the acquisition, storage, use, processing and the like of the data all conform to the relevant regulations of national laws and regulations.
It should be noted that the method and the device for auditing the weak password of the present application can be used in the financial field, and can also be used in any field other than the financial field, and the application field of the method and the device for auditing the weak password of the present application is not limited.
Paillier is an asymmetric homomorphic encryption algorithm with additive homomorphism and multiplicative homomorphism. Homomorphic encryption algorithm means that ciphertext calculated by the encryption algorithm is calculated and then decrypted, and the result is equivalent to that of directly carrying out the same calculation on plaintext. For example, plaintext m 1 、m 2 After encryption, ciphertext C is obtained respectively 1 、C 2 The method comprises the following steps: c (C) 1 =E(m 1 )、C 2 =E(m 2 ) If go through pair C 1 And C 2 The calculation of (c) can yield E (m 1 +m 2 ) Then the algorithm is described as having additive homomorphism; similarly, if passing through pair C 1 And C 2 The calculation of (c) can yield E (m 1 *m 2 ) It is stated that the algorithm has a multiplicative homomorphism.
Knowing the positive integer plaintext m, the positive prime numbers p, q are chosen, and the public key n=p×q, the private key s=lcm (p-1, q-1) can be calculated. Wherein lcm represents the least common multiple, and m < n, max(s) = (p-1) ×q-1) < n.
Taking a random positive integer r, making r < n, and making r and n mutually equal, calculating a public key g=a+n+1, wherein a is a positive integer.
Let the encryption process be c=e (m), encrypt plaintext m with n, g, calculate ciphertext c=e (m) = (g) m *r n )%n 2 。
Let the decryption process be m=d (c), decrypt c with s. First, u is calculated, let u be L (g) s %n 2 ) The inverse of the modulus n gives (u.times.L (g) s %n 2 ) % n=1, let L (u) = (u-1)/n. Final calculation m=d (c) = (L (c) s %n 2 )*u)%n。
The Paillier algorithm uses g and n encryption and s decryption, the security principle is derived from the problem of mass factor decomposition of a large number n, and the lengths of p and q are generally ensured to be greater than or equal to 256 bits in practical application.
Suppose there are two plain texts m 1 、m 2 Under the same group key, respectively encrypting to obtain C 1 、C 2 :
C 1 =E(m 1 )=(g m1 *r 1 n )%n 2
C 2 =E(m 2 )=(g m2 *r 2 n )%n 2
Calculating C according to definition of addition homomorphism 1 *C 2 The method comprises the following steps:
C 1 *C 2 =(g m1 *r 1 n )%n 2 *(g m2 *r 2 n )%n 2
=(g m1 *r 1 n *g m2 *r 2 n )%n 2
=(g m1+m2 *(r 1 *r 2) n )%n 2
=E(m 1 +m 2 )
computing C according to definition of multiplication homomorphism 1 m2 The method comprises the following steps:
C 1 m2 =((g m1 *r 1 n )%n 2 ) m2
=((g m1 *r 1 n )) m2 %n 2
=(g (m1*m2) *r 1 (n*m2) )%n 2
=E(m 1 *m 2 )
homomorphic encryption technology is one of the possible schemes for secure multi-party computing, and can solve part of the scene. For example, the two parties are compared for equality without exposing specific data.
Assuming that a knows the value a and B knows the values B and A, B, both need to compare whether a and B are equal without exposing a and B to each other.
A prepares encryption parameters n, g and s of the Paillier algorithm, and simultaneously calculates positive integers x, i such that x=a×i. A calculating ciphertext C of x, n-i after Paillier encryption x 、C i The method comprises the following steps: c (C) x =E(x)、C i After =e (n-i), n, C x 、C i And sending to B. B has only n in the public key, so B cannot be applied to C x 、C i Decryption is performed. B is not in accordance with known n, C x 、C i It is deduced that a, a of a, is safe.
B calculates positive integers y, j such that y=b×j, B receives n, C x 、C i Then t= (C) x i C i y)% n2.B sends the obtained t to A, because there are infinite combinations of y and j corresponding to the unique tWith A not being in accordance with known n, C x 、C i The t extrapolates that B, i.e., B of B, is safe.
A carries out decryption operation on t, and takes the remainder of n, and f is calculated, namely: f=d (t)% n. If f=0, then a=b; otherwise, a+.b.
The homomorphic encryption algorithm can be used for subtraction operation under the ciphertext condition, and the result is consistent with the plaintext subtraction, then:
a-b=x/i-y/j=(x*j-y*i)/i*j
fig. 3 is a schematic diagram of an application scenario of the present application, and as shown in fig. 3, weak password audit is a secure multiparty computation scenario, and requires computation between an auditor a party a and an audited party B. The application provides a weak password auditing method based on homomorphic encryption algorithm, which does not need to expose passwords, and provides a batch quick auditing method to help optimize and improve related work.
Fig. 1 is a flowchart of an audit method for weak passwords according to an embodiment of the application, as shown in fig. 1, and in one embodiment of the application, the audit method for weak passwords of the application includes steps S101 to S103.
Step S101, each password in the weak password set is processed by adopting a homomorphic encryption algorithm, and a first encryption parameter corresponding to each password in the weak password set is generated.
In one embodiment of the present application, the homomorphic encryption algorithm is specifically a Paillier encryption algorithm.
Step S102, the first encryption parameters are sent to an audited party, so that the audited party processes each password in a password database of the audited party aiming at each first encryption parameter, and a second encryption parameter corresponding to each password in the password database on each first encryption parameter is generated.
Step S103, determining the weak password in the password database by performing decryption operation on the second encryption parameter.
The application determines the comparison result of each password in the weak password set and each password in the password database by carrying out decryption operation on the second encryption parameter, and if the password with the same comparison exists, the password with the same comparison in the password database is the weak password.
In one embodiment of the present application, the password in the password database is obtained by encrypting the original password by the audited party using a target hash algorithm.
In one embodiment of the present application, before processing each password in the weak password set by using the homomorphic encryption algorithm in step S101, the method further includes:
and encrypting each password in the weak password set by adopting the target hash algorithm.
To avoid exposure by an administrator, the audited party typically stores a hash value of the password, so that both sides A, B first need to negotiate a hash algorithm for storing the password, and then a pre-processes a according to the same hash algorithm. The hash values of the same character string are the same, so that the checking work of the weak password is not affected.
The application can judge whether the values are equal or not on the premise of not exposing the data by means of the secure multi-party computing scheme based on the Paillier homomorphic encryption algorithm. The weak password audit flow is as shown in FIG. 4:
it is assumed that the existing auditor a participates in the audited party B, wherein a has a weak password set a, and B has a database of user account numbers and passwords, and the database contains a password list B.
Assuming a has u values and b has w values, a= (a) 1 ,a 2 ,a 3 ,...,a u ),b=(b 1 ,b 2 ,b 3 ,...,b w )。
To avoid exposure by an administrator, the hash value of the password is typically stored, so A, B both parties first need to negotiate a hash algorithm for storing the password, and then a pre-processes a according to the same hash algorithm. The hash values of the same character string are the same, so that the checking work of the weak password is not affected.
Referring to the comparison method described before, cross comparison of ciphertext is carried out one by A and B, and comparison B 1 Results f from all values in a 1 Comparison b 2 Results f from all values in a 2 … …, comparative b w Results f from all values in a w Forming a result matrix f:
f=|f 1 ,f 2 ,....,f w |
|f 11 ,f 21 ,...,f w1 |
|...........|
|f 1u ,f 2u ,...,f wu |
if the result matrix has a term with a value of 0, it indicates that a weak password exists in the examination, and the password in the database corresponding to the column vector with the value of 0 is the weak password.
As shown in fig. 2, in one embodiment of the present application, the determining the weak password in the password database by performing the decryption operation on the second encryption parameter in step S103 specifically includes steps S201 to S203.
Step S201, performing decryption operation on the second encryption parameters to obtain operation results corresponding to each second encryption parameter.
In one embodiment of the present application, the auditor a performs decryption operation on the second encryption parameter t, and takes the remainder of the public key n, to obtain f, namely: f=d (t)% n. If f=0, then a=b; otherwise, a+.b.
Step S202, a result matrix is generated according to the operation result.
And step S203, determining a weak password in the password database according to the result matrix.
In one embodiment of the present application, the processing, by using the homomorphic encryption algorithm, of each password in the weak password set in step S101 to generate the first encryption parameter corresponding to each password in the weak password set specifically includes:
generating an encryption parameter, a first positive integer x and a second positive integer i, wherein the encryption parameter comprises: a public key n, wherein a first positive integer x is the product of a and a second positive integer i, and a is the password in the weak password set;
for the first positive integer by using Paillier encryption algorithmEncryption is carried out on x and n-i to obtain a first ciphertext C x And second ciphertext C i ;
Public key n, first ciphertext C x And second ciphertext C i And determining the first encryption parameter.
In one embodiment of the application, the auditor a prepares the encryption parameters n, g and s of the Paillier algorithm while calculating the positive integers x, i such that x=a×i. A calculating ciphertext C of x, n-i after Paillier encryption x 、C i The method comprises the following steps: c (C) x =E(x)、C i After =e (n-i), n, C x 、C i And sending to B. B has only n in the public key, so B cannot be applied to C x 、C i Decryption is performed. B is not in accordance with known n, C x 、C i It is deduced that a, a of a, is safe.
In one embodiment of the present application, the audited party specifically generates a third positive integer y and a fourth positive integer j, where the third positive integer y is a product of b and the fourth positive integer j, and b is a password in the password database, and then generates the second encryption parameter according to the third positive integer y, the fourth positive integer j, and the first encryption parameter.
In one embodiment of the application, audited party B calculates positive integers y, j such that y=b×j, B receives n, C x 、C i Then t= (C) x iC i y)% n2.B sends the obtained t to A, which cannot be based on the known n, C because there are infinitely many combinations of y, j corresponding to a unique t x 、C i The t extrapolates that B, i.e., B of B, is safe.
In one embodiment of the application, there are a weak password set table x and a password hash value table b; it is necessary to determine whether the password corresponding to the hash value in the table b has the weak password in the table x, and the hash value in the table b is assumed to use the SHA256 hash algorithm.
Table x_weak password table
Table b_Cryptographic hash value List
The two-party negotiation hash algorithm adopts SHA256, and x is calculated by A through SHA256 to obtain the following table a:
hash value obtained by SHA256 operation of table a_weak password
The result matrix f is obtained through the cross comparison of the ciphertext of a and b as follows:
| 1.357E76 | 3.539E76 | 5.036E76 | 3.960E76 |
| 1.834E76 | 4.785E76 | 0 | 1.333E76 |
| 1.798E76 | 7.099E76 | 3.087E76 | 6.685E75 |
table _ result matrix f
Row 2 and column 3 in the result matrix are 0, indicating b 3 Is a weak password, the value of which is equal to a 2 Similarly, 123456.
The embodiment of the application can be seen that the Paillier encryption-based secure multiparty computing method is a method capable of conducting weak password audit under the condition that password data is not exposed, and the reliability of the method is verified through experiments, so that a secure audit mode is provided for private and secret data. By means of the ciphertext auditing method based on the secure multiparty calculation, the privacy and auditability of the password data can be considered, the method is used for finding out weak passwords existing in the system, the development of information security work is effectively supported, and the security risk is reduced.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer executable instructions, and that although a logical order is illustrated in the flowcharts, in some cases the steps illustrated or described may be performed in an order other than that illustrated herein.
Based on the same inventive concept, the embodiment of the application also provides an auditing device for the weak password, which can be used for realizing the auditing method for the weak password described in the above embodiment, as described in the following embodiments. Because the principle of solving the problem by the audit device for the weak password is similar to that of the audit method for the weak password, the embodiment of the audit device for the weak password can refer to the embodiment of the audit method for the weak password, and the repetition is omitted. As used below, the term "unit" or "module" may be a combination of software and/or hardware that implements the intended function. While the means described in the following embodiments are preferably implemented in software, implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
FIG. 5 is a first block diagram of an audit device for weak passwords according to an embodiment of the application, as shown in FIG. 5, in one embodiment of the application, the audit device for weak passwords of the application comprises:
the first encryption parameter generation unit 1 is used for processing each password in the weak password set by adopting a homomorphic encryption algorithm to generate a first encryption parameter corresponding to each password in the weak password set;
a sending unit 2, configured to send the first encryption parameters to an audited party, so that the audited party processes, for each first encryption parameter, each password in a password database of the audited party, and generates a second encryption parameter corresponding to each password in the password database on each first encryption parameter;
and the weak password identification unit 3 is used for determining the weak password in the password database by performing decryption operation on the second encryption parameter.
In one embodiment of the present application, the password in the password database is obtained by encrypting the original password by the audited party using a target hash algorithm.
In one embodiment of the present application, the audit device for weak passwords of the present application further comprises:
and the encryption unit is used for encrypting the passwords in the weak password set by adopting the target hash algorithm.
In one embodiment of the present application, the weak password identification unit 3 specifically includes:
the decryption operation module is used for obtaining an operation result corresponding to each second encryption parameter by carrying out decryption operation on the second encryption parameter;
the result matrix generation module is used for generating a result matrix according to the operation result;
and the weak password determining module is used for determining the weak password in the password database according to the result matrix.
In one embodiment of the present application, the first encryption parameter generation unit 1 specifically includes:
the parameter generation module is used for generating an encryption parameter, a first positive integer x and a second positive integer i, wherein the encryption parameter comprises: a public key n, wherein a first positive integer x is the product of a and a second positive integer i, and a is the password in the weak password set;
the encryption module is used for encrypting the first positive integer x and the first positive integer n-i by adopting a Pailier encryption algorithm to obtain a first ciphertext C x And second ciphertext C i ;
An encryption parameter determining module for determining the public key n and the first ciphertext C x And second ciphertext C i And determining the first encryption parameter.
To achieve the above object, according to another aspect of the present application, there is also provided a computer apparatus. As shown in fig. 6, the computer device includes a memory, a processor, a communication interface, and a communication bus, where a computer program executable on the processor is stored on the memory, and when the processor executes the computer program, the steps in the method of the above embodiment are implemented.
The processor may be a central processing unit (Central Processing Unit, CPU). The processor may also be any other general purpose processor, digital signal processor (Digital Signal Processor, DSP), application specific integrated circuit (Application Specific Integrated Circuit, ASIC), field programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof.
The memory is used as a non-transitory computer readable storage medium for storing non-transitory software programs, non-transitory computer executable programs, and units, such as corresponding program units in the above-described method embodiments of the application. The processor executes the various functional applications of the processor and the processing of the composition data by running non-transitory software programs, instructions and modules stored in the memory, i.e., implementing the methods of the method embodiments described above.
The memory may include a memory program area and a memory data area, wherein the memory program area may store an operating system, at least one application program required for a function; the storage data area may store data created by the processor, etc. In addition, the memory may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory may optionally include memory located remotely from the processor, the remote memory being connectable to the processor through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The one or more units are stored in the memory, which when executed by the processor, performs the method in the above embodiments.
The details of the computer device may be correspondingly understood by referring to the corresponding relevant descriptions and effects in the above embodiments, and will not be repeated here.
To achieve the above object, according to another aspect of the present application, there is also provided a computer-readable storage medium storing a computer program which, when executed in a computer processor, implements the steps in the above-described auditing method for weak passwords. It will be appreciated by those skilled in the art that implementing all or part of the above-described embodiment method may be implemented by a computer program to instruct related hardware, where the program may be stored in a computer readable storage medium, and the program may include the above-described embodiment method when executed. Wherein the storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a random access Memory (RandomAccessMemory, RAM), a Flash Memory (Flash Memory), a Hard Disk (HDD), a Solid State Drive (SSD), or the like; the storage medium may also comprise a combination of memories of the kind described above.
To achieve the above object, according to another aspect of the present application, there is also provided a computer program product comprising a computer program/instruction which, when executed by a processor, implements the steps of the above-described auditing method for weak passwords.
It will be apparent to those skilled in the art that the modules or steps of the application described above may be implemented in a general purpose computing device, they may be concentrated on a single computing device, or distributed across a network of computing devices, or they may alternatively be implemented in program code executable by computing devices, such that they may be stored in a memory device for execution by the computing devices, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps within them may be fabricated into a single integrated circuit module. Thus, the present application is not limited to any specific combination of hardware and software.
The above description is only of the preferred embodiments of the present application and is not intended to limit the present application, but various modifications and variations can be made to the present application by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application.
Claims (11)
1. An auditing method for weak passwords, which is applied to an auditor, comprises the following steps:
processing each password in the weak password set by adopting a homomorphic encryption algorithm to generate a first encryption parameter corresponding to each password in the weak password set;
sending the first encryption parameters to an audited party, so that the audited party processes each password in a password database of the audited party aiming at each first encryption parameter, and generating a second encryption parameter corresponding to each password in the password database on each first encryption parameter;
and determining a weak password in the password database by performing decryption operation on the second encryption parameter.
2. The method according to claim 1, wherein the password in the password database is obtained by encrypting an original password by the audited party by using a target hash algorithm.
3. The method for auditing weak passwords according to claim 2, further comprising, before said processing each password in the weak password set using the homomorphic encryption algorithm:
and encrypting each password in the weak password set by adopting the target hash algorithm.
4. The method for auditing the weak password according to claim 1, wherein the determining the weak password in the password database by performing decryption operation on the second encryption parameter specifically comprises:
obtaining operation results corresponding to the second encryption parameters respectively by carrying out decryption operation on the second encryption parameters;
generating a result matrix according to the operation result;
and determining a weak password in the password database according to the result matrix.
5. The method for auditing the weak password according to claim 1, wherein the method for processing each password in the weak password set by adopting a homomorphic encryption algorithm to generate a first encryption parameter corresponding to each password in the weak password set, specifically comprises the following steps:
generating an encryption parameter, a first positive integer x and a second positive integer i, wherein the encryption parameter comprises: a public key n, wherein a first positive integer x is the product of a and a second positive integer i, and a is the password in the weak password set;
encrypting the first positive integer x and the first positive integer n-i by using a Paillier encryption algorithm to obtain a first ciphertext C x And second ciphertext C i ;
Public key n, first ciphertext C x And second ciphertext C i And determining the first encryption parameter.
6. The method according to claim 5, wherein the audited party generates a third positive integer y and a fourth positive integer j, wherein the third positive integer y is a product of b and the fourth positive integer j, b is a password in the password database, and then generates the second encryption parameter according to the third positive integer y, the fourth positive integer j and the first encryption parameter.
7. The auditing method for weak passwords according to claim 1, characterized in that the homomorphic encryption algorithm is specifically a Paillier encryption algorithm.
8. An auditing apparatus for a weak password, comprising:
the first encryption parameter generation unit is used for processing each password in the weak password set by adopting a homomorphic encryption algorithm to generate a first encryption parameter corresponding to each password in the weak password set;
the sending unit is used for sending the first encryption parameters to an audited party so that the audited party processes each password in a password database of the audited party aiming at each first encryption parameter to generate a second encryption parameter corresponding to each password in the password database on each first encryption parameter;
and the weak password identification unit is used for determining the weak password in the password database by carrying out decryption operation on the second encryption parameter.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any one of claims 1 to 7 when the computer program is executed by the processor.
10. A computer readable storage medium having stored thereon a computer program/instruction, which when executed by a processor, implements the steps of the method of any of claims 1 to 7.
11. A computer program product comprising computer programs/instructions which, when executed by a processor, implement the steps of the method of any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310678840.2A CN116599662A (en) | 2023-06-08 | 2023-06-08 | Audit method and device for weak password |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310678840.2A CN116599662A (en) | 2023-06-08 | 2023-06-08 | Audit method and device for weak password |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116599662A true CN116599662A (en) | 2023-08-15 |
Family
ID=87608205
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310678840.2A Pending CN116599662A (en) | 2023-06-08 | 2023-06-08 | Audit method and device for weak password |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116599662A (en) |
-
2023
- 2023-06-08 CN CN202310678840.2A patent/CN116599662A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113424185B (en) | Fast inadvertent transmission | |
| US11895231B2 (en) | Adaptive attack resistant distributed symmetric encryption | |
| CN111510281B (en) | Homomorphic encryption method and device | |
| JP6016948B2 (en) | Secret calculation system, arithmetic device, secret calculation method, and program | |
| JP5506704B2 (en) | Decryption system, key device, decryption method, and program | |
| CN111404952B (en) | Transformer substation data encryption transmission method and device, computer equipment and storage medium | |
| CN111783129A (en) | Data processing method and system for protecting privacy | |
| US11804960B2 (en) | Distributed symmetric encryption | |
| US20220374544A1 (en) | Secure aggregation of information using federated learning | |
| KR20210139344A (en) | Methods and devices for performing data-driven activities | |
| JP2012528532A (en) | Efficient method for calculating secret functions using resettable tamper-resistant hardware tokens | |
| CN111555880A (en) | Data collision method and device, storage medium and electronic equipment | |
| CN118160275A (en) | Threshold signature scheme | |
| Li et al. | Cryptographic algorithms for privacy-preserving online applications. | |
| CN111917533A (en) | Privacy preserving benchmark analysis with leakage reducing interval statistics | |
| CN114362912A (en) | Identification password generation method based on distributed key center, electronic device and medium | |
| Theodouli et al. | Implementing private k-means clustering using a LWE-based cryptosystem | |
| CN116599662A (en) | Audit method and device for weak password | |
| CN110837633B (en) | Intelligent certificate implementation method and system and readable storage medium | |
| EP4024755B1 (en) | Secured performance of an elliptic curve cryptographic process | |
| Singh et al. | Cloud assisted semi-static secure accountable authority identity-based broadcast encryption featuring public traceability without random oracles | |
| TWI734087B (en) | Signature system based on homomorphic encryption and method thereof | |
| Zhang et al. | A privacy-preserving revocable framework in the deep-learning-as-a-service platform system based on non software as a service | |
| Li et al. | A party-adaptive variant of LowGear | |
| CN117573684A (en) | Storage time proving method supporting dynamic data updating and outsourcing calculation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |