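Hey, I was wondering how best to measure password strength. I found two different pages: http://rumkin.com/tools/password/passchk.php and http://www.passwordmeter.com/
They give completely different results for different passwords. Measuring in bits seems like the obvious approach, but it's hard to say how many different characters to take into account, e.g.:
Say my password is aB*, then someone using brute force would have to use special characters, uppercase and lowercase letters, thus ~60 different characters, i.e. 60^3 combinations. Thanks so far!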
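Just award points based on certain characteristics of the proposed password:
- 1 point for each character in the password.
- 2 points if it uses both numbers and characters, and 3 if it also contains symbols that are neither numbers nor characters.
- 2 points if it contains both uppercase and lowercase letters.
- -2 points for each word that can be found in a dictionary (though this may be harder to check).
- -2 points if a number could represent a year.
From this, take some examples of good and bad passwords and get an idea of what a good score would be.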
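The point rubric above, next to the brute-force estimate from the question, as an added example that is not part of the original answer. Assumptions: the word list and sample passwords are constructed, the 3 points replace the 2 when symbols are present, a "year" is a standalone four-digit run from 1900 to 2099, and the brute-force pool uses printable-ASCII class sizes (26, 26, 10, 32).

```python
import math
import re
import string

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "dragon", "summer", "monkey"}

# Assumption: printable-ASCII class sizes for the brute-force pool.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def brute_force_bits(password):
    """Bits of search space if an attacker tries every string over the classes used."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def rubric_score(password, words=SAMPLE_WORDS):
    """Score a password with the point rubric from the answer above."""
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(not c.isalnum() for c in password)

    score = len(password)                       # 1 point per character
    if has_letter and has_digit:
        score += 3 if has_symbol else 2         # assumption: 3 replaces the 2
    if any(c.islower() for c in password) and any(c.isupper() for c in password):
        score += 2
    lowered = password.lower()
    score -= 2 * sum(1 for w in words if w in lowered)   # dictionary words
    # Assumption: "could be a year" means a standalone 4-digit run 1900-2099.
    if re.search(r"(?<!\d)(?:19|20)\d{2}(?!\d)", password):
        score -= 2
    return score


if __name__ == "__main__":
    for pw in ("aB*", "Summer2019", "tR7#kq9!Lm"):   # constructed samples
        print(f"{pw!r}: rubric={rubric_score(pw)}, "
              f"brute-force bits={brute_force_bits(pw):.1f}")
```

The brute-force figure depends only on length and character classes, so it rates "Summer2019" close to the random ten-character sample, while the rubric penalizes the dictionary word and the year.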
Here's the scheme I'm using, and it seems to work pretty well.
```vbnet
Public Enum PasswordComplexityScore
    BadPassword
    MediumStrengthPassword
    GoodPassword
End Enum

' Password, UserName and the Check*/Count*/Has* helpers are members of the
' containing class; they are not shown in this post.
Public Function CalculatePasswordComplexity() As PasswordComplexityScore
    Dim Score As Integer

    'If the password matches the username then BadPassword
    If Password = UserName Then
        Return PasswordComplexityScore.BadPassword
    End If

    'If the password is less than 5 characters then BadPassword
    If Password.Length < 5 Then
        Return PasswordComplexityScore.BadPassword
    End If

    'Base score: 4 points per character
    Score = Password.Length * 4

    'Adjust for repeated patterns of length 1 to 4
    Score = Score + (CheckRepeatedPatterns(1).Length - Password.Length)
    Score = Score + (CheckRepeatedPatterns(2).Length - Password.Length)
    Score = Score + (CheckRepeatedPatterns(3).Length - Password.Length)
    Score = Score + (CheckRepeatedPatterns(4).Length - Password.Length)

    'If the password has at least 3 numbers then score += 5
    If CountNumbers() >= 3 Then
        Score = Score + 5
    End If

    'If the password has at least 2 special characters then score += 5
    If CountSymbols() >= 2 Then
        Score = Score + 5
    End If

    'If the password has upper and lower characters then score += 10
    If HasUpperAndLowerCharacters() Then
        Score = Score + 10
    End If

    'If the password has numbers and characters then score += 10
    If HasNumbersAndCharacters() Then
        Score = Score + 10
    End If

    'If the password has numbers and special characters then score += 15
    If CountNumbers() > 0 And CountSymbols() > 0 Then
        Score = Score + 15
    End If

    'If the password has special characters and characters then score += 15
    If CountLetters() > 0 And CountSymbols() > 0 Then
        Score = Score + 15
    End If

    'If the password is only characters then score -= 15
    If CountLetters() > 0 And CountNumbers() = 0 And CountSymbols() = 0 Then
        Score = Score - 15
    End If

    'If the password is only numbers then score -= 15
    If CountLetters() = 0 And CountNumbers() > 0 And CountSymbols() = 0 Then
        Score = Score - 15
    End If

    'Cap the score at 100
    If Score > 100 Then
        Score = 100
    End If

    'Below 34 is bad, below 68 is medium, otherwise good
    If Score < 34 Then
        Return PasswordComplexityScore.BadPassword
    End If
    If Score < 68 Then
        Return PasswordComplexityScore.MediumStrengthPassword
    End If
    Return PasswordComplexityScore.GoodPassword
End Function
```
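I've been using this in production for about 8 years. I think I converted it from someone else's JavaScript to VB6, and then to VB.NET.
I can post all the supporting functions if you'd like.
Cheers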