Friday, 11 November 2011

WWW Passwords and Security

In everyday life people usually call a password (口令) a "secret code" (密码). There is in fact a difference between the two. Generally speaking, a password is simpler and more casual, whereas a secret code is more formal and more complex. For an account on a given computer, the secret code becomes a variable while the password is a constant.

Today, whether it is a computer user or a bank account, everything is protected by a password, and the password is used to verify the user's identity. On the network, using passwords to verify a user's identity has become a basic method. But using passwords also brings many security problems. On the Internet, countless systems have been broken into because the system had no password at all, or because its passwords were chosen carelessly and were too simple.

Password security should be regarded as the first line of defense users have for protecting their own systems. People constantly try to gain unauthorized access by guessing legitimate users' passwords. There are generally two common approaches: one is to take passwords one by one from a database of commonly used passwords and try each of them; the other is to manage to steal the system's password file, for instance through E-MAIL spoofing, and then run a password cracker against the encrypted passwords it contains.

Attackers all like to obtain a system's password file. On many UNIX systems, obtaining the password file is not an easy matter, because only the superuser has the right to read and write it. Therefore, when the password file has been stolen, the system's superuser privileges may, in certain specific circumstances, already have been obtained and exercised by the attacker, directly or indirectly. The attacker's purpose in obtaining the password file is obvious: some passwords and user names can be cracked from it, which makes it easy to impersonate legitimate users and access the host later. Therefore, once it is discovered that the system's password file has been accessed illegitimately, all passwords must be changed.

Once an attacker has obtained initial access to a system, he will look everywhere for vulnerabilities in the system in order to gain further privileges. Therefore, the first step in making a system secure is to keep unauthorized users from getting into your system at all. Sometimes even a good password is not enough, because when a password is transmitted over the network, especially when it crosses an insecure network, it faces the danger of being eavesdropped, even if the network uses network protocols and other protective measures. Since network protocols are universal, anyone who captures the packets you transmit can use the corresponding protocol and tools to pick the password and user name out of them. At that point you have to consider encrypting the password. When encryption cannot be implemented, you must ensure that the password transmitted over the network is a one-time password, because it does not matter if a one-time password is eavesdropped.

Almost all resources and services could be an attacker's target, so we must have corresponding security measures, both complex and simple. First, we use passwords as the first step of the security policy. Passwords are very important; they are the first line of defense against attack. If an attacker cannot access the system, he cannot interact with it effectively, and the intrusion methods he can use against the system are few.

Preventing intruders from reading the password file reduces the chance of them logging into the system. What people need to know is that obtaining the password file does not necessarily require logging into the system, and many attacks can be carried out without ever logging in.

Also, do not underestimate the attacker's ability: passwords can be cracked. Suppose we make the following assumptions:

* Passwords are drawn from 62 characters (A-Z, a-z, 0-9).
* Valid passwords are 5-8 characters long.

Then the number of all valid passwords is huge, and guessing a password by hand is almost impossible. However, a program can try every combination until it finds the right one, so we must take better measures to make the attacker's job harder, such as enlarging the password's base (the set of characters it can use) to reduce the likelihood of a successful attack. If the password is 8 or more characters long and may use spaces, punctuation and some other characters (such as <, >, \, #, $, %, *, etc.), the base can be raised from 62 to 95, and the number of possible passwords becomes very large indeed. Even so, the attacker still has a chance, and some such passwords can be cracked with tools. But for a well-designed password, cracking it will take a very long time. For example, a 15-character password that uses digits and contains no English words is rather hard to crack.
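To make the article's arithmetic concrete, here is an added example (not from the original post) that computes the password spaces it describes and checks that 62 alphanumerics plus space and punctuation really give the 95 printable ASCII characters. The guess rate of one billion attempts per second is an assumed figure for illustration, not a number from the article.

```python
import string

# Alphabets from the article: 62 alphanumerics, or 95 printable ASCII
# characters once space and punctuation are allowed.
ALNUM = string.ascii_letters + string.digits        # 62 characters
PRINTABLE = ALNUM + " " + string.punctuation        # 95 characters

SECONDS_PER_DAY = 86400


def keyspace(alphabet_size: int, min_len: int, max_len: int) -> int:
    """Number of distinct passwords with lengths min_len..max_len inclusive."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))


def exhaustive_search_days(space: int, guesses_per_second: float) -> float:
    """Days needed to try every password at a constant (assumed) guess rate."""
    return space / guesses_per_second / SECONDS_PER_DAY


def compare_policies(guesses_per_second: float = 1e9) -> dict:
    """The four cases the article discusses, each mapped to
    (number of passwords, days to exhaust at the assumed rate)."""
    cases = {
        "62 chars, 5-8 long": keyspace(len(ALNUM), 5, 8),
        "95 chars, 5-8 long": keyspace(len(PRINTABLE), 5, 8),
        "95 chars, 8 long": keyspace(len(PRINTABLE), 8, 8),
        "62 chars, 15 long": keyspace(len(ALNUM), 15, 15),
    }
    return {
        name: (n, exhaustive_search_days(n, guesses_per_second))
        for name, n in cases.items()
    }


if __name__ == "__main__":
    print(f"alphanumeric alphabet: {len(ALNUM)}, printable ASCII: {len(PRINTABLE)}")
    for name, (n, days) in compare_policies().items():
        print(f"{name:>20}: {n:.3e} passwords, {days:.3e} days at 1e9 guesses/s")
```

The output shows the jump the article describes: widening the alphabet from 62 to 95 multiplies the 8-character space by about thirty, while going from 8 to 15 alphanumeric characters multiplies it by roughly 3.5 trillion.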

Another point to note is that a password may be intercepted while it is being sent over the network. If the same password is used every time to gain access or obtain something, attackers (hackers) may succeed, and the transmission itself opens a convenient door for the system to be broken into; data encryption is therefore also very important. After telling the system who you are, you must prove your identity to the system; this process is called authentication. The vast majority of systems authenticate by password. The current authentication methods are mainly:

* You can tell the computer something you know (a password).
* You can show the computer something you have (a key).
* You can let the computer read some information unique to a person (a fingerprint).

When a computer is used on its own, physical means such as locking the door can protect it. However, a computer connected to a network through a modem can be accessed from anywhere in the world that has a telephone, and once it is connected to a network it can be accessed by anyone connected to that network. At that point the password becomes as important as the lock on the door.

In today's electronic world there are many people who try every computer they find, to see whether they can get in. Without security protection, these dangerous people will break in and do damage.
