What is dictionary cracking?
Deciphering a password that is long and may contain many kinds of characters takes a long time. One way to shorten that time is to use a dictionary.
For example, a password known to be four digits long and made up entirely of Arabic numerals has 10000 possible combinations, so the correct password can be found after at most 9999 attempts. In theory, any password can be cracked this way, except one with very good confidentiality. The only problem is how to shorten the trial-and-error time.
Some people use computers to improve efficiency, while others use dictionary attacks to narrow the range of password combinations to try.
If a multi-character password can contain all of the possible characters above, the number of combinations is enormous. Each additional character multiplies the number of combinations by dozens, and cracking takes correspondingly longer, sometimes decades (even allowing for the growth in computer performance predicted by Moore's Law) or more.
Because the time consumed by the exhaustive method is not less than the polynomial time required to complete the crack, cryptography does not regard the exhaustive method as an effective cracking method.
Protection measures
The most important measure is to set, as a system design goal, that the system remains difficult to break even under a brute-force attack. The following are some common protective measures:
1. Increase the length and complexity of the password.
2. Limit the number of password attempts in the system.
3. During password verification, do not return the result immediately; return it after a delay of several seconds.
4. Limit the range of clients allowed to initiate requests.
5. Reject requests that submit passwords at too high a frequency.
6. Require the password to be changed regularly, like a security token.
7. When the number of incorrect password entries from the same source exceeds a certain threshold, immediately notify the system administrator by email or SMS.
8. Manually monitor the system to confirm whether there is any abnormal password trial and error.
9. Use two-factor authentication. For example, when the user logs in with the account password, the system also sends a text message to the user's mobile phone, and the user must enter the verification code from that message.
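Measures 2, 3, 5 and 7 above can be combined in one per-source failure tracker. The Python below is an added example, not code from the original article; the class name `LoginThrottle`, its thresholds and the sample address are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Tracks failed logins per source: lockout, response delay, admin alert."""

    def __init__(self, max_failures=5, window=60.0, lockout=300.0,
                 alert_at=10, clock=time.monotonic, notify=print):
        self.max_failures = max_failures  # measures 2 and 5: failures allowed per window
        self.window = window              # seconds over which failures are counted
        self.lockout = lockout            # seconds a source stays blocked
        self.alert_at = alert_at          # measure 7: total failures that trigger an alert
        self.clock, self.notify = clock, notify
        self.recent = defaultdict(deque)  # source -> timestamps of failures in window
        self.total = defaultdict(int)     # source -> all failures seen (never reset here)
        self.locked_until = {}            # source -> time the lockout ends

    def _prune(self, source, now):
        q = self.recent[source]
        while q and now - q[0] > self.window:  # drop failures older than the window
            q.popleft()
        return q

    def allowed(self, source):
        """True if this source may submit a password attempt right now."""
        return self.clock() >= self.locked_until.get(source, 0.0)

    def delay(self, source):
        """Measure 3: seconds to hold the reply, doubling per recent failure (max 8)."""
        n = len(self._prune(source, self.clock()))
        return min(2 ** (n - 1), 8) if n else 0

    def record_failure(self, source):
        now = self.clock()
        q = self._prune(source, now)
        q.append(now)
        self.total[source] += 1
        if len(q) >= self.max_failures:
            self.locked_until[source] = now + self.lockout
        if self.total[source] == self.alert_at:
            self.notify(f"ALERT: {self.total[source]} failed logins from {source}")

if __name__ == "__main__":
    # Constructed scenario: eight wrong passwords from one source (documentation address).
    t = LoginThrottle()
    for _ in range(8):
        if t.allowed("203.0.113.7"):
            t.record_failure("203.0.113.7")
    print("blocked after lockout:", not t.allowed("203.0.113.7"))
```

Counters are keyed by source only, as in measure 7; a deployment would usually also track failures per account so that guesses spread across many sources are still counted.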