Evaluating the strength of passwords that use the Vietnamese language based on entropy estimation
DOI: https://doi.org/10.54654/isj.v8i2.34
Keywords: password strength, authentication, evaluation, Vietnamese language.
Abstract
Abstract— The password is one of the most commonly used factors in authentication systems. Its role is to ensure that users have a legitimate right to the data they are trying to access. Most systems try to enforce security by requiring users to follow password creation policies, checked through password strength evaluation. This paper introduces a number of methods for evaluating password strength, focusing on the method based on entropy estimation, and from there proposes developing a password strength evaluation tool that can be applied in password-based user authentication software using the Vietnamese language.