CN108737094A - A kind of method and relevant device of the detection of domain cipher safety - Google Patents
A kind of method and relevant device of the detection of domain cipher safety Download PDFInfo
- Publication number
- CN108737094A CN108737094A CN201710268888.0A CN201710268888A CN108737094A CN 108737094 A CN108737094 A CN 108737094A CN 201710268888 A CN201710268888 A CN 201710268888A CN 108737094 A CN108737094 A CN 108737094A
- Authority
- CN
- China
- Prior art keywords
- password
- domain
- target
- weak
- hash
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 52
- 238000001514 detection method Methods 0.000 title claims abstract description 42
- 238000006243 chemical reaction Methods 0.000 claims description 32
- 238000003860 storage Methods 0.000 claims description 21
- 230000004048 modification Effects 0.000 claims description 14
- 238000012986 modification Methods 0.000 claims description 14
- 230000008859 change Effects 0.000 claims description 8
- 230000007246 mechanism Effects 0.000 abstract description 6
- 238000010586 diagram Methods 0.000 description 25
- 230000006870 function Effects 0.000 description 17
- 238000012545 processing Methods 0.000 description 8
- 238000007726 management method Methods 0.000 description 7
- 230000008569 process Effects 0.000 description 6
- 238000004891 communication Methods 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000013507 mapping Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 230000006835 compression Effects 0.000 description 2
- 238000007906 compression Methods 0.000 description 2
- 230000008878 coupling Effects 0.000 description 2
- 239000000203 mixture Substances 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 239000013078 crystal Substances 0.000 description 1
- 238000000151 deposition Methods 0.000 description 1
- 230000005611 electricity Effects 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 239000007788 liquid Substances 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 description 1
- 230000006641 stabilisation Effects 0.000 description 1
- 238000011105 stabilization Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention discloses the methods and relevant device of a kind of detection of domain cipher safety.Present invention method includes:Obtain the target hashed value of the corresponding domain password of target account;Target hashed value and weak password hash value set are compared, it whether determines in weak password hash value set comprising the hashed value with target Hash value matches, weak password hash value set carries out hash to weak password table and is converted to, and weak password table includes multiple weak passwords;If weak password hashes in value set comprising the hashed value with target Hash value matches, it is determined that domain password is domain weak password.The embodiment of the present invention additionally provide a kind of domain control server and a kind of domain cipher safety detection device, need not by repeatedly attempting just detect weak password, do not generated with domain security mechanism conflict in the case of, improve detection weak password efficiency.
Description
Technical field
A kind of method and relevant device detected the present invention relates to computer realm more particularly to domain cipher safety.
Background technology
" domain " is a kind of management boundary, and shared safety database is shared for one group of computer, be one group of server and
The combination of work station, domain (Active Directory, abbreviation:AD) it is responsible for big in framework in Microsoft Windows Server
The centralized directory management service of type network environment, it handles network object in the tissue, and object can be user, group,
Computer, domain control station, mail, configuration file, organizational unit, tree system etc., as long as defining shelves in Active Directory structure
(schema) object defined in, so that it may to be stored in Active Directory data shelves.
Currently, a large amount of enterprises use domain management company equipment.Can be that each employee creates only during planning account
One domain account, and domain account is required to change domain password when first logging into, domain password becomes the permission control machine of company personnel
System, but the weak employee of Partial security consciousness is arranged simple weak password, the setting of weak password can cause its permission easily by
It cracks, to threaten the information security of entire domain system.
In order to reduce the information security hidden danger brought by domain weak password, it is necessary to determine in database (NTDS.dit) whether
It has stored weak password, in traditional approach, it is weak to judge whether user is provided with the simple domain easily cracked by the way of detection
Password.For example, determine " a ", " b ", " c ", " d " this four passwords which be user setting domain weak password, by repeatedly attempting,
One password of input every time shows that " c " is the domain weak password of employee's setting if " c " has passed through verification.That is, this
Method needs multiple authentication to be just able to verify that whole domain weak passwords being set, and detection efficiency is low, and this detection method
The errors validity number of generation can cause the account of user to be locked again too much, and (domain security mechanism, mistake trial can repeatedly suspend
Account), conflict with domain security mechanism, causes the account that cannot log in for a period of time.
Invention content
An embodiment of the present invention provides the methods and relevant device of a kind of detection of domain cipher safety, for safe with domain
In the case that mechanism does not clash, the efficiency of detection weak password is improved.
In a first aspect, an embodiment of the present invention provides a kind of methods of domain cipher safety detection, including:
Obtain the target hashed value of the corresponding domain password of target account;
The target hashed value and weak password hash value set are compared, determined in the weak password hash value set
Whether comprising the hashed value with the target Hash value matches, the weak password hash value set is to be hashed to weak password table
It is converted to, the weak password table includes multiple weak passwords;
If including the hashed value with the target Hash value matches in the weak password hash value set, it is determined that the domain
Password is domain weak password.
Second aspect, an embodiment of the present invention provides a kind of methods of domain cipher safety detection, including:
Receive the corresponding domain password of target account;
The domain password is subjected to hash conversion, obtains the target hashed value of the domain password;
The target hashed value and weak password hash value set are compared, determined in the weak password hash value set
Whether comprising the hashed value with the target Hash value matches, the weak password hash value set is to be hashed to weak password table
It is converted to, the weak password table includes multiple weak passwords;
When the weak password hashes in value set comprising the hashed value with the target Hash value matches, it is determined that described
Target hashed value is domain weak password;
The target account is prompted to reset domain password.
The third aspect, an embodiment of the present invention provides a kind of domain control servers, including:
Acquisition module, the target hashed value for obtaining the corresponding domain password of target account;
Contrast module, the aiming field cryptographic Hash for obtaining the acquisition module and weak password hashed value collection
Whether conjunction is compared, determine in the weak password hash value set comprising the hashed value with the target Hash value matches, institute
State weak password hash value set to weak password table carry out hash be converted to, the weak password table includes multiple weak passwords;
Determining module determines in the weak password hash value set for working as the contrast module comprising scattered with the target
When the hashed value of hash value matches, it is determined that the domain password is domain weak password.
Fourth aspect, an embodiment of the present invention provides a kind of devices of domain cipher safety detection, including:
Receiving module, for receiving the corresponding domain password of target account;
Conversion module, the domain password for receiving the receiving module carry out hash conversion, it is close to obtain the domain
The target hashed value of code;
Contrast module, the target hashed value for the conversion module to be converted to hash value set with weak password
It is compared, whether is determined in the weak password hash value set comprising the hashed value with the target Hash value matches, it is described
Weak password hash value set carries out hash to weak password table and is converted to, and the weak password table includes multiple weak passwords;
Determining module, for being hashed in value set comprising the hashed value with the target Hash value matches when the weak password
When, determine that the domain password is domain weak password;
Reminding module, for prompting the target account to reset domain password.
As can be seen from the above technical solutions, the embodiment of the present invention has the following advantages:
Obtain the target hashed value of the corresponding domain password of target account;Then, by target hashed value and weak password hashed value
Set is compared, and judges the hashed value with the target Hash value matches whether is contained in weak password hash value set, should
Weak password hash value set is to carry out hash to the weak password in weak password table to be converted to, if the weak password hashes value set
In contain hashed value with target Hash value matches, it is determined that the domain password is domain weak password, is not required in the embodiment of the present invention
Will by repeatedly attempting just detect weak password, do not generated with domain security mechanism conflict in the case of, improve detection it is weak close
The efficiency of code.
Description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, make required in being described below to embodiment
Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for
For those skilled in the art, other drawings may also be obtained based on these drawings.
Fig. 1 is a kind of configuration diagram of detecting system in the embodiment of the present invention;
Fig. 2 is a kind of step flow of one embodiment of the method for domain cipher safety detection in the embodiment of the present invention
Schematic diagram;
Fig. 3 is the interface schematic diagram of the hash value generator in the embodiment of the present invention;
Fig. 4 is the schematic diagram of the display interface in the embodiment of the present invention;
Fig. 5 is the schematic diagram of the display interface in the embodiment of the present invention;
Fig. 6 is the schematic diagram of the display interface in the embodiment of the present invention;
The step of Fig. 7 is a kind of another embodiment of the method for domain cipher safety detection in the embodiment of the present invention is flowed
Journey schematic diagram;
Fig. 8 is the schematic diagram of the display interface of the terminal in the embodiment of the present invention;
Fig. 9 is a kind of structural schematic diagram of one embodiment of domain control server in the embodiment of the present invention;
Figure 10 is a kind of structural schematic diagram of another embodiment of domain control server in the embodiment of the present invention;
Figure 11 is a kind of structural schematic diagram of another embodiment of domain control server in the embodiment of the present invention;
Figure 12 is a kind of structural schematic diagram of another embodiment of domain control server in the embodiment of the present invention;
Figure 13 is that a kind of structure of one embodiment of the device of domain cipher safety detection in the embodiment of the present invention is shown
It is intended to;
Figure 14 is a kind of structure of another embodiment of the device of domain cipher safety detection in the embodiment of the present invention
Schematic diagram;
Figure 15 is a kind of structure of another embodiment of the device of domain cipher safety detection in the embodiment of the present invention
Schematic diagram;
Figure 16 is a kind of structure of another embodiment of the device of domain cipher safety detection in the embodiment of the present invention
Schematic diagram.
Specific implementation mode
An embodiment of the present invention provides the methods and relevant device of a kind of detection of domain cipher safety, for safe with domain
In the case that mechanism does not generate conflict, the efficiency of detection weak password is improved.
In order to enable those skilled in the art to better understand the solution of the present invention, below in conjunction in the embodiment of the present invention
Attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is only
The embodiment of a part of the invention, instead of all the embodiments.Based on the embodiments of the present invention, ordinary skill people
The every other embodiment that member is obtained, should all belong to the scope of protection of the invention.
Term " first ", " second ", " third " " in description and claims of this specification and above-mentioned attached drawing
The (if present)s such as four " are for distinguishing similar object, without being used to describe specific sequence or precedence.It should manage
The data that solution uses in this way can be interchanged in the appropriate case, so that the embodiments described herein can be in addition to illustrating herein
Or the sequence other than the content of description is implemented.In addition, term " comprising " and " having " and their any deformation, it is intended that
Cover it is non-exclusive include, for example, containing the process of series of steps or unit, method, system, product or equipment need not limit
In those of clearly listing step or unit, but may include not listing clearly or for these processes, method, production
The intrinsic other steps of product or equipment or unit.
In order to facilitate understanding, the word involved in the embodiment of the present invention is explained first.
Hash (hash) function:Also referred to as hash function is a kind of one-way cipher system, is one from plaintext to ciphertext
Can not inverse mapping, i.e. only ciphering process, decrypting process is not present.The input (be called and do preliminary mapping) of random length, lead to
Hashing algorithm is crossed, the output of regular length is transformed into, which is exactly hashed value.This conversion is a kind of compression mapping, also
It is that the space of hashed value is generally much less than the space inputted, and different inputs may hash to identical output, so can not
Input value can be uniquely determined from hashed value.It is exactly briefly that a kind of message compression by random length is long to a certain fixation
The function of the eap-message digest of degree.
Hash algorithm is applied to storage strategy, the domain password of account cannot direct stored in clear, stored in clear is to information
Safety do not ensure, need encryption store, therefore hash algorithm can be applied to encryption storage account domain password.Hash
Algorithm can be used for ensureing the integrality of information, non-repudiation, belong to one-way algorithm, even if the result of Hash is trapped, other side
And it can not restore in plain text (domain password).Hash algorithm has very much, common are MD5 and SHA series, such as SHA-256 or
SHA-512 etc..
Weak password:It is easy the password being decrypted, regular character combination is easy to be guessed right by hacker, because of hacker's needle
When to specific objective decryption, such weak password information is often soundd out first.Weak password includes following a few classes:
1, simple number combination, such as account, a part for cell-phone number, certificate number, such as six, the end of account, phone number
Six, end or six, the end of identity card be used as password.
2, regular character.
3, key is closed on keyboard.
4, common name phonetic.
5, particular meaning combination etc..
It please refers to the following table 1 to be understood, the following table 1 is the example for including weak password table.The weak password table includes multiple weak
Password.
Table 1
It should be noted that the weak password in weak password table in above-mentioned table 1 is merely illustrative, do not cause to this hair
Bright limited explanation.
The weak password that weak password table in the present embodiment can be announced by third party's Password Management application provider carries out more
Newly.For example, the weak password that annual either season announces is possible to the event or film very high with temperature instantly etc. because being known as
It closes, with film if the weak password that 2016 years announced《Star War》Upsurge is related, for example, " starwars ", " solo " and
" princess " etc..
It should be noted that password composition is usually in a, digital (0-9), symbol these three characters by alphabetical (26)
The combination of any one, or the hybrid combining including these three characters.
Below by taking letter and number as an example, it is assumed that the password of 26 letters and 10 number compositions, if the combination of 6 passwords
There is no any rule, and combines complicated, the number of decryption about 2,200,000,000 times.
But if it is regular simple password, the probability being cracked is very high, even if being attempted one by one weak password, nearly ten thousand
It is secondary to crack, therefore weak password has safely system greatly threat.
An embodiment of the present invention provides a kind of methods of domain cipher safety detection, and this method can effectively detect weak
Password greatly improves safety to reduce threat of the weak password to system safety.
This method can be applied to a kind of detecting system, refering to Figure 1, Fig. 1 is to be provided in the embodiment of the present invention
The configuration diagram of detecting system.The detecting system includes target device 110, the target device 110 for change domain password or
New domain password is set, which can be terminal 1101, or server 1102,120 He of domain control server
Warning device 130.Then the domain password of reception is carried out hash conversion, obtains target by target device 110 for receiving domain password
The target hashed value is sent to domain control server 120 by hashed value with the information of corresponding target account, domain control service
Device 120 is used to the target account and the target hashed value being associated storage, then by by the target hashed value with it is weak close
Code hash value set is compared, so that it is determined that whether the corresponding domain password of the target hashed value is weak password, if the domain password
It for weak password, greatly improves detection and gets off, further, prompted by warning device 130.It prompts in detecting system
Weak password, to greatly improve system safety.
This method is described in detail from the domain control server side below.Understood incorporated by reference to Fig. 2, Fig. 2 mono-
The step flow diagram of one embodiment of the method for kind domain cipher safety detection.
Step 201, the target hashed value for obtaining the corresponding domain password of target account.
In one possible implementation, the concrete mode of the target hashed value of the corresponding domain password of target account is obtained
Can be:The hashed value for the corresponding domain password of target account that target device is sent is received, target device is terminal or service
Device.
The target device can be for for terminal, in an application scenarios, it is close that terminal receives the corresponding domain of target account
Code is converted by hashing, and by the domain, password is converted into target hashed value.For example, the domain password that terminal receives is tencent@
123, by the domain, password is converted into hashed value, wherein target hashed value may include that two different modes are converted, and be respectively
LM-Hash and NT-Hash, LM-Hash and NT-Hash are two different cipher modes to the same password, incorporated by reference to Fig. 3
Shown, Fig. 3 is the interface schematic diagram of hash value generator.Domain password is that tencent@123 carry out hashed value conversion, obtained mesh
It is as follows to mark hashed value:
LM-HASH:C93423250DA51A58A3039E2D3EEB5D18;
NT-HASH:75A2327C9C096EC8EB69D5203B40DE08.
The information of target hashed value target account corresponding with the target hashed value is sent to domain control service by terminal
Device, the domain control server receive the target hashed value and corresponding target account A, first by the target hashed value and corresponding
Target account A is associated storage.
In alternatively possible realization method, the specific side of the target hashed value of the corresponding domain password of target account is obtained
Formula can be:The target hashed value of the corresponding domain password of target account is extracted from regional data base file, regional data base file is deposited
All accounts and its corresponding domain cryptographic Hash in domain are stored up.
In another application scenarios, which can periodic detecting domains database file
(NTDS.dit) it whether there is the hashed value of weak password, therefore domain control service in the hashed value of a large amount of domain password stored in
Device extracts the hashed value stored in NTDS.dit every a threshold value duration.
Step 202 carries out hash conversion to each weak password in weak password table, and it is corresponding weak close to obtain weak password table
Code hash value set.
Hash conversion is carried out to each weak password included in " weak password table ", it is corresponding weak to obtain the weak password table
Cryptographic hash value set.
For example, the weak password table can be as shown in Table 1 above, weak password hash value set is exemplified below shown in table 2:
Table 2
It should be noted that weak password hashed value in above-mentioned table 2 only with two weak passwords " 123994 " and
It is illustrated for " tencent@123 ", limitation of the invention is not caused to illustrate, other weak passwords in table 1
Hashed value differs a citing herein.
It it should be noted that step 202 is optional step, can not execute, and directly execute step 203, that is to say, that
The weak password table may be reused after being converted into corresponding weak password hash value set, not need to repeat to turn every time
The weak password table is changed, still, if the weak password table is updated, such as new weak password is added to again, then needs to execute
Step 202, updated weak password table is subjected to hash conversion, obtains updated weak password hash value set.
Step 203 compares target hashed value and weak password hash value set, determines in weak password hash value set
Whether the hashed value with target Hash value matches is included.
Weak password hash value set carries out hash to weak password table and is converted to, and weak password table includes multiple weak close
Code (as shown in Table 2 above).
For example, the target hashed value is:C93423250DA51A58A3039E2D3EEB5D18, it should be noted that should
Target hashed value may include the corresponding hashed values of LM-Hash and/or NT-Hash, here for convenience of explanation, with LM-Hash
Hashed value for illustrate.
Then the target hashed value and weak password hash value set shown in above-mentioned table 2 are compared, is traversed one by one
Weak password hashes hashed value included in value set, judge in the cryptographic hash value set whether include and this
The identical hashed values of C93423250DA51A58A3039E2D3EEB5D18.
If step 204, weak password hash in value set comprising the hashed value with target Hash value matches, it is determined that domain password
For domain weak password.
By comparison, determine that in weak password hash value set include the C93423250DA51A58A3039E2D3EEB5D
18 hashed values, since the C93423250DA51A58A3039E2D3EEB5D18 hashed values are converted by weak password, because
This can determine that the corresponding domain password of the target hashed value is domain password.
In the first application scenarios, show that the corresponding domain password of target hashed value that the target device received is sent is weak
Password, there are risks for system.
In second of application scenarios, show in NTDS.dit files, stored the corresponding hashed value of weak password,
There are risks for system.
Step 205 prompts the corresponding domain password of the target account to be weak password.
In one possible implementation, incorporated by reference to shown in Fig. 4, Fig. 4 is the schematic diagram of a scenario of terminal display interface.Domain
It is weak password that control server can be used to indicate the domain password to terminal feedback response information, the response message, needs to carry out
Modification.
In alternatively possible realization method, shown in Fig. 5, Fig. 5 is the schematic diagram of terminal display interface.Prompt
Target account changes domain password within the preset time limit, if not changing more than preset time limit domain password, stops making for target account
Use permission.
For example, the preset time limit is 3 hours, if domain control server does not detect the target within 3 hours
The corresponding domain password of account changes, then the target account, access right is notified to stop.
In alternatively possible realization method, shown in Fig. 6, Fig. 6 is the schematic diagram of warning device display interface.
The information of the target account (such as account B) is sent to warning device by domain control server, which prompts security monitoring
Modification situation of the corresponding user of the personnel tracking target account to domain password.
In the embodiment of the present invention, the target hashed value got and weak password can be hashed value set by domain control server
It is compared, judges whether weak password hash value set contains the hashed value with the target Hash value matches, so that it is determined that
What whether the target hashed value was converted by weak password, if weak password hash value set contains and the target hashed value phase
Matched hashed value, it is determined that the corresponding domain password of the target hashed value is weak password, so that it is determined that with the target hashed value pair
The target account answered, that is to say, that can determine which account is corresponding provided with domain weak password, detection efficiency in system
Height, and can further take appropriate measures to these accounts, to reduce the risk of system, improve the safety of system
Property.
Above with domain control server side to a kind of method of domain cipher safety detection in the embodiment of the present invention, another
In one embodiment, target device can also be detected the safety of domain password, which can be by taking terminal as an example
It illustrates, please refers to shown in Fig. 7, an embodiment of the present invention provides a kind of another realities of the method for domain cipher safety detection
Applying example includes:
Step 701 receives the corresponding domain password of target account.
Adaptable application scenarios can be:
In a kind of application scenarios, understood incorporated by reference to Fig. 8, Fig. 8 is the schematic diagram of a scenario of the interface display of terminal.With
Family modifies to the password being set, and terminal detects whether the target account has the permission of modification domain password first.
Terminal obtains blacklist, and the account without modification authority is had recorded in the blacklist, does not have modification authority such as
Account be degree of safety difference account, the account of degree of safety difference may include but do not limit following a few classes:1, history used
The account of domain weak password;2, domain weak password has been used, within the time limit of domain control server notifies, it is weak close not change the domain
Code;3, the account etc. was revealed by outer net.Terminal by the way that the account is compared with the account recorded in the blacklist,
Can determine the target account whether have modification authority, if the target account and do not have modification authority, forbid the account
Change domain password.If the target account has the permission of modification domain password, it is corresponding modified that terminal receives target account
Domain password.
In the present embodiment, by carrying out permission detection to the target account, if the target account has modification domain password
Permission just allows user to modify the corresponding domain password of the target account, reduces the account of degree of safety difference to domain password
Number is changed, domain password is revised as the probability of weak password by the account for reducing degree of safety difference again.
In another application scenarios, which is the domain password that target account is arranged for the first time.It is defeated that terminal receives user
The corresponding domain password of target account entered.
Whether step 702, detecting domains password meet password Provisioning Policy.
The password Provisioning Policy meets intensity strategy, for example, the intensity strategy can be:
1, meet the character of preset number, 6 characters of general satisfaction or 8 characters.
2, it needs to include upper and lower case letter, including symbol, including number.
If for example, the domain password be " To&*25#9 " in not only contain upper and lower case letter, but also contain meet and number, and
And the domain password meets the character number of preset (such as 8), then shows that the domain password meets the intensity strategy, then follow the steps
703。
If domain password not match closes the password Provisioning Policy, target account is prompted to reset domain password.
If the domain password meets intensity strategy, which, which is the probability of weak password, greatly to reduce, if should
Domain password is unsatisfactory for the intensity strategy, then shows that the domain password is likely to weak password, then the target account is prompted to need again
The domain password is set, to reduce the domain password as the probability of weak password.In the present embodiment, by protecting layer by layer, to reduce user
The domain password of setting is the probability of weak password.
It it should be noted that the step 702 is optional step, can not execute, and directly execute step 703.
Step 703 carries out hash conversion to each weak password in weak password table, and it is corresponding weak close to obtain weak password table
Code hash value set.
For example, the weak password table can be as shown in table 1, it is as shown in table 2 which hashes value set.By obtain this is weak
Cryptographic hash value set is stored to memory block.
Hash conversion is carried out to each weak password included in " weak password table ", it is corresponding weak to obtain the weak password table
Cryptographic hash value set.For example, the weak password table can be as shown in Table 1 above, weak password hash value set is exemplified below table 2
It is shown.
It it should be noted that step 703 is optional step, can not execute, and directly execute step 704, that is to say, that
The weak password table may be reused after being converted into corresponding weak password hash value set, not need to repeat to turn every time
The weak password table is changed, still, if the weak password table is updated, such as new weak password is added to again, then needs to execute
Step 703, updated weak password table is subjected to hash conversion, obtains updated weak password hash value set.
Step 704 compares target hashed value and weak password hash value set, determines in weak password hash value set
Whether the hashed value with target Hash value matches is included.
If the weak password hashes in value set comprising the hashed value with target Hash value matches, step 705 is continued to execute.
Weak password hash value set carries out hash to weak password table and is converted to, and weak password table includes multiple weak close
Code (as shown in Table 2 above).
For example, the target hashed value is:C93423250DA51A58A3039E2D3EEB5D18, it should be noted that should
Target hashed value may include the corresponding hashed values of LM-Hash and/or NT-Hash, here for convenience of explanation, with LM-Hash
Hashed value for illustrate.
Then the target hashed value and weak password hash value set shown in above-mentioned table 2 are compared, is traversed one by one
Weak password hashes hashed value included in value set, judge in the cryptographic hash value set whether include and this
The identical hashed values of C93423250DA51A58A3039E2D3EEB5D18.
Step 705, when weak password hashes in value set comprising hashed value with target Hash value matches, it is determined that target
Hashed value is domain weak password.
By comparison, determine that in weak password hash value set include to be somebody's turn to do
C93423250DA51A58A3039E2D3EEB5D18 hashed values, due to the C93423250DA51A58A3039E2D3EEB5D18
Hashed value is converted by weak password, thus may determine that the target hashed value is also to be converted by weak password, then
Determine that the corresponding domain password of the target hashed value is domain password.
Step 706, prompt target account reset domain password.
In one possible implementation, in the display interface display reminding information of terminal, which is:The domain
Password is weak password, needs to reset.
In alternatively possible realization method, if the domain password is weak password, terminal does not execute to the " true of the domain password
It is fixed " operation, force user to reset domain password, until when determining the domain password non-weak password.
Step 707, when domain password is provided with, by domain password and corresponding target account be sent to domain control service
Device.
It obtains domain password and is provided with instruction, terminal is provided with instruction by domain password and corresponding mesh according to the domain password
Mark account is sent to domain control server, so that domain password is carried out hash conversion by domain controller, obtains the hashed value of domain password,
And by the hashed value of domain password and target account associated storage.Further, which it is corresponding can to execute Fig. 2
Step 201 in embodiment is to step 205.
It should be noted that it can be instruction input by user that the domain password, which is provided with instruction, can also be to work as terminal
When determining that the domain password is non-weak password, the instruction of generation.
In the present embodiment, terminal can be detected domain password, and the target hashed value and weak password are hashed value set
It is compared, is determined in weak password hash value set whether comprising the hashed value with target Hash value matches, if the weak password
It hashes in value set comprising the hashed value with target Hash value matches, it is determined that the domain password is weak password, prompts the target account
Family resets password, to reduce the corresponding domain password of the target account as the probability of weak password, improves the safety of system.
Optionally, when terminal gets the instruction of modification domain password, which can show the special of modification domain password
Uniform resource locator (Uniform Resource Locator, the abbreviation of equipment:URL it) links, guiding user passes through platform
The domain password is sent to the server of detecting domains password by Modify password, terminal, which can execute step 701 to step
706。
In the present embodiment, in detecting system shown in Fig. 1, domain password can be detected by multiple equipment, it can
To carry out double shielding by terminal and domain control server, terminal by by target hashed value and weak password hash value set into
Row comparison can determine the domain if weak password hash value set contains the hashed value with the target hash values match
Password is weak password, then prompts the target account, and it is weak password to prompt the domain password, and it is weak password to reduce the domain password
Probability.
Further, if user is already provided with weak password, domain control server can be to depositing in NTDS.dit files
The hashed value of the domain password of storage is detected one by one, so that it is determined that the hashed value of which domain password is the hashed value of weak password, into
And determine the corresponding target account of the hashed value of weak password, a series of measure can be taken to the target account, so that the mesh
Mark account modifies to domain weak password, is protected by multilayer in the present embodiment, reduces the probability of user setting weak password, greatly
The safety for improving system.
A kind of method of domain cipher safety detection is described above, clothes are controlled to the domain of this method application below
Business device is described in detail, and please refers to shown in Fig. 9, a kind of one embodiment packet of domain control server in the embodiment of the present invention
It includes:
Acquisition module 901, the target hashed value for obtaining the corresponding domain password of target account;
Contrast module 902, the aiming field cryptographic Hash for obtaining acquisition module 901 hash value set with weak password
It is compared, whether is determined in weak password hash value set comprising the hashed value with target Hash value matches, weak password hashed value
Collection is combined into carries out what hash was converted to weak password table, and weak password table includes multiple weak passwords;
Determining module 903, for including and target hashed value when contrast module 902 determines in weak password hash value set
When the hashed value matched, it is determined that domain password is domain weak password.
It please refers to Fig.1 shown in 0, on the basis of Fig. 9 corresponding embodiments, the embodiment of the present invention additionally provides a kind of domain control
Another embodiment of control server 1000 includes:
Further include reminding module 904 and execution module 905;
Reminding module 904, for prompting the corresponding target account of domain weak password that determining module 903 determines in the preset time limit
Interior modification domain password;
Execution module 905, for when the preset time limit domain password prompted more than reminding module 9904 does not change, stopping mesh
Mark the access right of account.
It please refers to Fig.1 shown in 1, on the basis of Fig. 9 corresponding embodiments, the embodiment of the present invention additionally provides a kind of domain control
Another embodiment of control server 1100 includes:
It further include conversion module 906;
Conversion module 906 obtains weak password table pair for carrying out hash conversion to each weak password in weak password table
The weak password hash value set answered.
Optionally, acquisition module 901, the corresponding aiming field password of target account for being additionally operable to receive target device transmission dissipate
Train value, target device are terminal or server.
Optionally, acquisition module 901 are additionally operable to extract the mesh of the corresponding domain password of target account from regional data base file
Hashed value is marked, regional data base file stores all accounts and its corresponding domain cryptographic Hash in domain.
Further, a kind of domain control server in Fig. 9 to Figure 11 is presented in the form of function module.Here
" module " can refer to application-specific integrated circuit (application-specific integrated circuit, ASIC), electricity
Road, executes the processor and memory of one or more softwares or firmware program, integrated logic circuit and/or other can carry
For the device of above-mentioned function.In a simple embodiment, figure may be used in a kind of domain control server in Fig. 9 to Figure 11
Form shown in 12.
Figure 12 is a kind of apparatus structure schematic diagram of determining function of search stability provided in an embodiment of the present invention, and determination is searched
The device of rope functional stabilization can exist in the form of server, which can be different because of configuration or performance
And generate bigger difference, may include one or more processors 1222 and memory 1232, one or one with
The storage medium 1230 (such as one or more mass memory units) of upper storage application program 1242 or data 1244.Its
In, memory 1232 and storage medium 1230 can be of short duration storage or persistent storage.It is stored in the program of storage medium 1230
May include one or more modules (diagram does not mark), each module may include to the series of instructions in server
Operation.Further, central processing unit 1222 could be provided as communicating with storage medium 1230, be executed on server 1200
Series of instructions operation in storage medium 1230.
Server 1200 can also include one or more power supplys 1226, one or more wired or wireless nets
Network interface 1250, one or more input/output interfaces 1258, and/or, one or more operating systems 1241, example
Such as Windows Server, Mac OS X, Unix, Linux, FreeBSD etc..
Processor 1222 can make the domain control server execute the method and step in the corresponding embodiments of Fig. 7.
Specifically, network interface 1250, for obtaining the corresponding domain password of target account.
Processor 1222, the target hashed value for obtaining the corresponding domain password of target account;By target hashed value with it is weak
Whether cryptographic hash value set is compared, determine in weak password hash value set comprising the hash with target Hash value matches
Value, weak password hash value set carry out hash to weak password table and are converted to, and weak password table includes multiple weak passwords;If weak
Include the hashed value with target Hash value matches in cryptographic hash value set, it is determined that domain password is domain weak password.
Optionally, processor 1222, for prompting target account to change domain password within the preset time limit;If being more than the preset phase
Confinement password does not change, then stops the access right of target account.
Optionally, processor 1222 obtain weak close for carrying out hash conversion to each weak password in weak password table
The corresponding weak password of code table hashes value set.
Optionally, network interface 1250, the target of the corresponding domain password of target account for receiving target device transmission
Hashed value, target device are terminal or server.
Optionally, processor 1222, the target for extracting the corresponding domain password of target account from regional data base file
Hashed value, regional data base file store all accounts and its corresponding domain cryptographic Hash in domain.
It please refers to Fig.1 shown in 3, the embodiment of the present invention additionally provides the one of the device 1300 of a kind of domain cipher safety detection
A embodiment includes:
Receiving module 1301, for receiving the corresponding domain password of target account;
Conversion module 1307, the domain password for receiving receiving module 1301 carry out hash conversion, obtain domain password
Target hashed value;
Contrast module 1302, the target hashed value for conversion module 1307 to be converted to hash value set with weak password
It is compared, whether is determined in weak password hash value set comprising the hashed value with target Hash value matches, weak password hashed value
Collection is combined into carries out what hash was converted to weak password table, and weak password table includes multiple weak passwords;
Determining module 1303, for including and target hashed value when contrast module 1302 determines in weak password hash value set
When matched hashed value, determine that domain password is domain weak password;
Reminding module 1304, for prompting target account to reset domain password.
It please refers to Fig.1 shown in 4, on the basis of the corresponding embodiments of Figure 13, it is close that the embodiment of the present invention additionally provides a kind of domain
One embodiment of device 1400 of code safety detection includes:
It further include detection module 1305;
Whether detection module 1305 meets password Provisioning Policy for detecting domains password;
Reminding module 1304 is additionally operable to, when domain password not match closes password Provisioning Policy, target account be prompted to reset
Domain password.
It please refers to Fig.1 shown in 5, on the basis of the corresponding embodiments of Figure 13, it is close that the embodiment of the present invention additionally provides a kind of domain
One embodiment of device 1500 of code safety detection includes:
Further include acquisition module 1308 and sending module 1306;
Acquisition module 1308 is provided with instruction for obtaining domain password;
Sending module 1306, when for being provided with instruction according to the domain password, by the target hashed value of domain password and right
The information for the target account answered is sent to domain control server, so that domain controller is by the target hashed value of domain password and target account
Family associated storage.
Further, a kind of device of domain cipher safety detection in Figure 13 to Figure 15 is come in the form of function module
It presents.Here " module " can refer to application-specific integrated circuit (application-specific integrated
Circuit, ASIC), circuit executes the processor and memory of one or more softwares or firmware program, integrated logic circuit,
And/or other can provide the device of above-mentioned function.In a simple embodiment, a kind of domain password in Figure 13 to Figure 15
Form shown in Figure 16 may be used in the device of safety detection.
As shown in figure 16, for convenience of description, it illustrates only and the relevant part of the embodiment of the present invention, particular technique details
It does not disclose, please refers to present invention method part.The terminal can be include PC machine, tablet computer, PDA
Arbitrary terminal devices such as (Personal Digital Assistant, personal digital assistants), by taking terminal is PC machine as an example:
Figure 16 shows the block diagram with the part-structure of the relevant PC machine of terminal provided in an embodiment of the present invention.Reference chart
16, PC machine includes:It is transceiver 1610, memory 1620, input unit 1630, display unit 1640, voicefrequency circuit 1660, wireless
The components such as fidelity (wireless fidelity, WiFi) module 1670, processor 1680 and power supply 1690.Art technology
Personnel are appreciated that PC machine structure shown in Figure 16 does not constitute the restriction to PC machine, may include more or more than illustrating
Few component either combines certain components or different components arrangement.
Each component parts of PC machine is specifically introduced with reference to Figure 16:
Transceiver 1610 can be used for sending and receiving information, after receiving information, be sent to the processing of processor 1180.
Memory 1620 can be used for storing software program and module, and processor 1680 is stored in memory by operation
1620 software program and module, to execute various function application and the data processing of PC machine.Memory 1620 can be led
To include storing program area and storage data field, wherein storing program area can storage program area, needed at least one function
Application program (such as sound-playing function, image player function etc.) etc.;Storage data field can be stored uses institute according to PC machine
Data (such as audio data, phone directory etc.) of establishment etc..In addition, memory 1620 may include high random access storage
Device, can also include nonvolatile memory, and a for example, at least disk memory, flush memory device or other volatibility are solid
State memory device.
Input unit 1630 can be used for receiving the number or character information of input, and generate and user setting and function
Control related key signals input.Input unit 1630 can also include other input equipments 1632.Specifically, other inputs are set
Standby 1632 can include but is not limited to physical keyboard, function key (such as volume control button, switch key etc.), trace ball, mouse
It is one or more in mark, operating lever etc..
Display unit 1640 can be used for showing information input by user or be supplied to user information and PC machine it is each
Kind menu.Display unit 1640 may include display panel 1641, optionally, liquid crystal display (Liquid may be used
Crystal Display, LCD), the forms such as Organic Light Emitting Diode (Organic Light-Emitting Diode, OLED)
To configure display panel 1641.
Voicefrequency circuit 1660, loud speaker 1661, microphone 1662 can provide the audio interface between user and PC machine.Audio
The transformed electric signal of the audio data received can be transferred to loud speaker 1661, is converted by loud speaker 1661 by circuit 1660
It is exported for voice signal.
Processor 1680 is the control centre of PC machine, using the various pieces of various interfaces and the entire PC machine of connection,
By running or execute the software program and/or module that are stored in memory 1620, and calls and be stored in memory 1620
Interior data execute the various functions and processing data of PC machine, to carry out integral monitoring to PC machine.Optionally, processor
1680 may include one or more processing units;Preferably, processor 1680 can integrate application processor and modulation /demodulation processing
Device, wherein the main processing operation system of application processor, user interface and application program etc., modem processor is mainly located
Reason wireless communication.It is understood that above-mentioned modem processor can not also be integrated into processor 1680.
PC machine further includes the power supply 1690 (such as battery) powered to all parts, it is preferred that power supply can pass through power supply
Management system and processor 1680 are logically contiguous, to realize management charging, electric discharge and power consumption pipe by power-supply management system
The functions such as reason.
The processor 1680, for making the device execute the method in the corresponding embodiments of Fig. 2.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description,
The specific work process of device and unit, can refer to corresponding processes in the foregoing method embodiment, and details are not described herein.
In several embodiments provided herein, it should be understood that disclosed system, device and method can be with
It realizes by another way.For example, the apparatus embodiments described above are merely exemplary, for example, the division of unit,
Only a kind of division of logic function, formula that in actual implementation, there may be another division manner, such as multiple units or component can be with
In conjunction with or be desirably integrated into another system, or some features can be ignored or not executed.Another point, it is shown or discussed
Mutual coupling, direct-coupling or communication connection can be by some interfaces, the INDIRECT COUPLING of device or unit or
Communication connection can be electrical, machinery or other forms.
The unit illustrated as separating component may or may not be physically separated, and be shown as unit
Component may or may not be physical unit, you can be located at a place, or may be distributed over multiple networks
On unit.Some or all of unit therein can be selected according to the actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, it can also
It is that each unit physically exists alone, it can also be during two or more units be integrated in one unit.Above-mentioned integrated list
The form that hardware had both may be used in member is realized, can also be realized in the form of SFU software functional unit.
It, can if integrated unit is realized in the form of SFU software functional unit and when sold or used as an independent product
To be stored in a computer read/write memory medium.Based on this understanding, technical scheme of the present invention substantially or
Say that all or part of the part that contributes to existing technology or the technical solution can embody in the form of software products
Out, which is stored in a storage medium, including some instructions are used so that a computer equipment
(can be personal computer, server or the network equipment etc.) execute each embodiment the method for the present invention whole or
Part steps.And storage medium above-mentioned includes:USB flash disk, mobile hard disk, read-only memory (ROM, Read-Only Memory),
Random access memory (RAM, Random Access Memory), magnetic disc or CD etc. are various can to store program code
Medium.
The above, the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although with reference to before
Stating embodiment, invention is explained in detail, it will be understood by those of ordinary skill in the art that:It still can be to preceding
The technical solution recorded in each embodiment is stated to modify or equivalent replacement of some of the technical features;And these
Modification or replacement, the spirit and scope for various embodiments of the present invention technical solution that it does not separate the essence of the corresponding technical solution.
Claims (15)
1. a kind of method of domain cipher safety detection, which is characterized in that including:
Obtain the target hashed value of the corresponding domain password of target account;
The target hashed value and weak password hash value set are compared, determine in weak password hash value set whether
Including the hashed value with the target Hash value matches, the weak password hash value set is to carry out hash conversion to weak password table
It obtains, the weak password table includes multiple weak passwords;
If including the hashed value with the target Hash value matches in the weak password hash value set, it is determined that the domain password
For domain weak password.
2. according to the method described in claim 1, it is characterized in that, the determination domain password be domain weak password after, institute
The method of stating further includes:
The target account is prompted to change the domain password within the preset time limit;
If not changing more than domain password described in the preset time limit, stop the access right of the target account.
3. according to the method described in claim 1, it is characterized in that, described by the target hashed value and weak password hashed value collection
Before conjunction is compared, the method further includes:
Hash conversion is carried out to each weak password in weak password table, obtains the corresponding weak password hashed value of the weak password table
Set.
4. according to the method in any one of claims 1 to 3, which is characterized in that the corresponding domain of the acquisition target account
Password, including:
The target hashed value for the corresponding domain password of the target account that target device is sent is received, the target device is terminal
Or server.
5. according to the method in any one of claims 1 to 3, which is characterized in that the corresponding domain of the acquisition target account
Password, including:
The target hashed value of the corresponding domain password of the target account, the regional data base file are extracted from regional data base file
Store all accounts and its corresponding domain cryptographic Hash in domain.
6. a kind of method of domain cipher safety detection, which is characterized in that including:
Receive the corresponding domain password of target account;
The domain password is subjected to hash conversion, obtains the target hashed value of the domain password;
The target hashed value and weak password hash value set are compared, determine in weak password hash value set whether
Including the hashed value with the target Hash value matches, the weak password hash value set is to carry out hash conversion to weak password table
It obtains, the weak password table includes multiple weak passwords;
When the weak password hashes in value set comprising the hashed value with the target Hash value matches, it is determined that the target
Hashed value is domain weak password;
The target account is prompted to reset domain password.
7. according to the method described in claim 6, it is characterized in that, described carry out hash conversion by the domain password, institute is obtained
Before the target hashed value for stating domain password, the method further includes:
Detect whether the domain password meets password Provisioning Policy;
If the domain password not match closes the password Provisioning Policy, the target account is prompted to reset domain password.
8. the method described according to claim 6 or 7, which is characterized in that the method further includes:
It obtains domain password and is provided with instruction;
It is provided with instruction according to the domain password, by the target hashed value of the domain password and the information of corresponding target account
It is sent to domain control server, so that the target hashed value of the domain password is associated with by the domain controller with the target account
Storage.
9. a kind of domain control server, which is characterized in that including:
Acquisition module, the target hashed value for obtaining the corresponding domain password of target account;
Contrast module, the aiming field cryptographic Hash for obtaining the acquisition module and weak password hash value set into
Whether row comparison determines in the weak password hash value set comprising the hashed value with the target Hash value matches, described weak
Cryptographic hash value set carries out hash to weak password table and is converted to, and the weak password table includes multiple weak passwords;
Determining module, determines in weak password hash value set for working as the contrast module and includes and the target hashed value
When matched hashed value, it is determined that the domain password is domain weak password.
10. domain control server according to claim 9, which is characterized in that
Further include reminding module and execution module;
The reminding module, for prompting the corresponding target account of the domain weak password that the determining module determines pre-
Set the modification domain password in the time limit;
The execution module, for when not changing more than domain password described in the preset time limit, stopping the target account
Access right.
11. domain control server according to claim 9, which is characterized in that further include conversion module;
The conversion module obtains the weak password table for carrying out hash conversion to each weak password in weak password table
Corresponding weak password hashes value set.
12. the domain control server according to any one of claim 9 to 11, which is characterized in that
The acquisition module is additionally operable to receive the corresponding aiming field cryptographic Hash of the target account that target device is sent,
The target device is terminal or server.
13. the domain control server according to any one of claim 9 to 11, which is characterized in that
The acquisition module is additionally operable to extract the target hash of the corresponding domain password of the target account from regional data base file
Value, the regional data base file store all accounts and its corresponding domain cryptographic Hash in domain.
14. a kind of device of domain cipher safety detection, which is characterized in that including:
Receiving module, for receiving the corresponding domain password of target account;
Conversion module, the domain password for receiving the receiving module carry out hash conversion, obtain the domain password
Target hashed value;
Contrast module, the target hashed value for the conversion module to be converted to are carried out with weak password hash value set
Whether comparison determines in the weak password hash value set comprising the hashed value with the target Hash value matches, described weak close
Code hash value set carries out hash to weak password table and is converted to, and the weak password table includes multiple weak passwords;
Determining module is used for when the weak password hashes in value set comprising the hashed value with the target Hash value matches,
Determine that the domain password is domain weak password;
Reminding module, the corresponding target account of the domain password for prompting the determining module to determine reset domain
Password.
15. device according to claim 14, which is characterized in that further include detection module;
The detection module, for detecting whether the domain password meets password Provisioning Policy;
The reminding module is additionally operable to, when the domain password not match closes the password Provisioning Policy, prompt the target account
Reset domain password.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710268888.0A CN108737094B (en) | 2017-04-21 | 2017-04-21 | Domain password security detection method and related equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710268888.0A CN108737094B (en) | 2017-04-21 | 2017-04-21 | Domain password security detection method and related equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108737094A true CN108737094A (en) | 2018-11-02 |
| CN108737094B CN108737094B (en) | 2021-12-14 |
Family
ID=63934076
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710268888.0A Active CN108737094B (en) | 2017-04-21 | 2017-04-21 | Domain password security detection method and related equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108737094B (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110084034A (en) * | 2019-05-06 | 2019-08-02 | 重庆天蓬网络有限公司 | A kind of cipher set-up method, storage medium and electronic equipment based on weak passwurd detection |
| CN110633565A (en) * | 2019-09-27 | 2019-12-31 | 上海赛可出行科技服务有限公司 | Domain user weak password detection method based on hash collision |
| CN112287073A (en) * | 2020-11-20 | 2021-01-29 | 北京微步在线科技有限公司 | Information security processing method and device and computer readable storage medium |
| CN112613028A (en) * | 2020-12-29 | 2021-04-06 | 北京天融信网络安全技术有限公司 | Weak password detection method and device, electronic equipment and readable storage medium |
| CN115037460A (en) * | 2022-05-30 | 2022-09-09 | 中国工商银行股份有限公司 | Password recommendation method, apparatus, computer equipment and storage medium |
| CN115442097A (en) * | 2022-08-25 | 2022-12-06 | 北京安博通科技股份有限公司 | A weak password identification method and related equipment |
| CN115698991A (en) * | 2020-06-02 | 2023-02-03 | 三菱电机株式会社 | Password authentication device, password authentication method, and password authentication program |
| CN116647400A (en) * | 2023-06-12 | 2023-08-25 | 维沃移动通信有限公司 | Weak password detection method, device, electronic equipment and server |
Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101119342A (en) * | 2007-09-21 | 2008-02-06 | 腾讯科技(深圳)有限公司 | Method and system for logging in instant communication software |
| CN101155214A (en) * | 2006-09-27 | 2008-04-02 | 中国电信股份有限公司 | Bluetooth network system and PIN code amending method for Bluetooth access point |
| CN101316220A (en) * | 2008-06-27 | 2008-12-03 | 华为技术有限公司 | Method, system, and device for modifying virtual private network password |
| CN101861589A (en) * | 2007-10-02 | 2010-10-13 | 弗劳恩霍夫应用研究促进协会 | Conception of Key Management in DRM System |
| CN103701805A (en) * | 2013-12-26 | 2014-04-02 | 山石网科通信技术有限公司 | Method and device for detecting weak password in network |
| CN103973651A (en) * | 2013-02-01 | 2014-08-06 | 腾讯科技(深圳)有限公司 | Account password identification setting and inquiring method and device based on salt password bank |
| CN104468484A (en) * | 2013-09-22 | 2015-03-25 | 深圳市腾讯计算机系统有限公司 | Method and device for setting password in network communication |
| CN104580197A (en) * | 2014-12-31 | 2015-04-29 | 北京奇虎科技有限公司 | Code detection method and code detection system |
| CN104933352A (en) * | 2015-06-10 | 2015-09-23 | 北京北信源软件股份有限公司 | Weak password detection method and device |
| CN105095737A (en) * | 2014-04-16 | 2015-11-25 | 阿里巴巴集团控股有限公司 | Method and device for detecting weak password |
| CN105184146A (en) * | 2015-06-05 | 2015-12-23 | 北京北信源软件股份有限公司 | Method and system for checking weak password of operating system |
| CN105760748A (en) * | 2016-02-26 | 2016-07-13 | 北京齐尔布莱特科技有限公司 | Weak password detection method and device and server |
| US20160337402A1 (en) * | 2013-12-23 | 2016-11-17 | Orange | Method of slowing down a communication in a network |
| CN106411531A (en) * | 2016-10-25 | 2017-02-15 | 国家电网公司 | Weak password screening method |
-
2017
- 2017-04-21 CN CN201710268888.0A patent/CN108737094B/en active Active
Patent Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101155214A (en) * | 2006-09-27 | 2008-04-02 | 中国电信股份有限公司 | Bluetooth network system and PIN code amending method for Bluetooth access point |
| CN101119342A (en) * | 2007-09-21 | 2008-02-06 | 腾讯科技(深圳)有限公司 | Method and system for logging in instant communication software |
| CN101861589A (en) * | 2007-10-02 | 2010-10-13 | 弗劳恩霍夫应用研究促进协会 | Conception of Key Management in DRM System |
| CN101316220A (en) * | 2008-06-27 | 2008-12-03 | 华为技术有限公司 | Method, system, and device for modifying virtual private network password |
| CN103973651A (en) * | 2013-02-01 | 2014-08-06 | 腾讯科技(深圳)有限公司 | Account password identification setting and inquiring method and device based on salt password bank |
| CN104468484A (en) * | 2013-09-22 | 2015-03-25 | 深圳市腾讯计算机系统有限公司 | Method and device for setting password in network communication |
| US20160337402A1 (en) * | 2013-12-23 | 2016-11-17 | Orange | Method of slowing down a communication in a network |
| CN103701805A (en) * | 2013-12-26 | 2014-04-02 | 山石网科通信技术有限公司 | Method and device for detecting weak password in network |
| CN105095737A (en) * | 2014-04-16 | 2015-11-25 | 阿里巴巴集团控股有限公司 | Method and device for detecting weak password |
| CN104580197A (en) * | 2014-12-31 | 2015-04-29 | 北京奇虎科技有限公司 | Code detection method and code detection system |
| CN105184146A (en) * | 2015-06-05 | 2015-12-23 | 北京北信源软件股份有限公司 | Method and system for checking weak password of operating system |
| CN104933352A (en) * | 2015-06-10 | 2015-09-23 | 北京北信源软件股份有限公司 | Weak password detection method and device |
| CN105760748A (en) * | 2016-02-26 | 2016-07-13 | 北京齐尔布莱特科技有限公司 | Weak password detection method and device and server |
| CN106411531A (en) * | 2016-10-25 | 2017-02-15 | 国家电网公司 | Weak password screening method |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110084034A (en) * | 2019-05-06 | 2019-08-02 | 重庆天蓬网络有限公司 | A kind of cipher set-up method, storage medium and electronic equipment based on weak passwurd detection |
| CN110633565A (en) * | 2019-09-27 | 2019-12-31 | 上海赛可出行科技服务有限公司 | Domain user weak password detection method based on hash collision |
| CN115698991A (en) * | 2020-06-02 | 2023-02-03 | 三菱电机株式会社 | Password authentication device, password authentication method, and password authentication program |
| CN112287073A (en) * | 2020-11-20 | 2021-01-29 | 北京微步在线科技有限公司 | Information security processing method and device and computer readable storage medium |
| CN112613028A (en) * | 2020-12-29 | 2021-04-06 | 北京天融信网络安全技术有限公司 | Weak password detection method and device, electronic equipment and readable storage medium |
| CN115037460A (en) * | 2022-05-30 | 2022-09-09 | 中国工商银行股份有限公司 | Password recommendation method, apparatus, computer equipment and storage medium |
| CN115037460B (en) * | 2022-05-30 | 2024-12-24 | 中国工商银行股份有限公司 | Password recommendation method, device, computer equipment and storage medium |
| CN115442097A (en) * | 2022-08-25 | 2022-12-06 | 北京安博通科技股份有限公司 | A weak password identification method and related equipment |
| CN115442097B (en) * | 2022-08-25 | 2024-12-17 | 北京安博通科技股份有限公司 | Weak password identification method and related equipment |
| CN116647400A (en) * | 2023-06-12 | 2023-08-25 | 维沃移动通信有限公司 | Weak password detection method, device, electronic equipment and server |
| CN116647400B (en) * | 2023-06-12 | 2025-09-30 | 维沃移动通信有限公司 | Weak password detection method, device, electronic device and server |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108737094B (en) | 2021-12-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108737094A (en) | A kind of method and relevant device of the detection of domain cipher safety | |
| US8285985B2 (en) | Systems and methods for detecting exposure of private keys | |
| CN105825122B (en) | A kind of weak passwurd is verified and crack method and device | |
| CA2962432C (en) | Secure high speed data storage, access, recovery, and transmission | |
| US9294287B2 (en) | Interrogating an authentication device | |
| CN101783801B (en) | Software protection method based on network, client side and server | |
| Scarfone et al. | Guide to enterprise password management (draft) | |
| US20070039042A1 (en) | Information-security systems and methods | |
| US9331995B2 (en) | Secure configuration of mobile application | |
| GB2547921A (en) | Preventing misuse of code signing certificates | |
| US20200145389A1 (en) | Controlling Access to Data | |
| KR101838973B1 (en) | Agent based security threat monitoring system using white list | |
| CN103812651B (en) | Method of password authentication, apparatus and system | |
| CN106790156A (en) | A kind of smart machine binding method and device | |
| CA2553024A1 (en) | System and method for associating message addresses with certificates | |
| US20150264047A1 (en) | Method and system for providing secure communication between multiple operating systems in a communication device | |
| Keong Ng et al. | VoterChoice: A ransomware detection honeypot with multiple voting framework | |
| CN114039726B (en) | Key generation method, key acquisition method, related device and medium | |
| Al Kabir et al. | An overview of the present and future of user authentication | |
| CN109981677A (en) | A kind of credit management method and device | |
| CN103441989B (en) | A kind of authentication, information processing method and device | |
| Wani et al. | Cloud security architecture based on user authentication and symmetric key cryptographic techniques | |
| CN115580417B (en) | Data processing method, device, electronic device and computer readable storage medium | |
| Blessing et al. | SoK: Web Authentication and Recovery in the Age of End-to-End Encryption | |
| JP2012173992A (en) | Theft state determination system and theft state determination program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |