Zaɓi Harshe

PESrank: Kiyasta Matsayin Kalmar Sirri ta Yanar Gizo ta Hanyar Kiyasta Matsayi Mai Girma Daban-Daban

Bincike kan PESrank, sabon na'urar kiyasta ƙarfin kalmar sirri ta amfani da kiyasta matsayi mai girma daban-daban don tantance tsaron kalmar sirri a kan layi, mai bayyanawa, da kuma iya gyara.
computationalcoin.com | PDF Size: 0.8 MB
Kima: 4.5/5
Kimarku
Kun riga kun ƙididdige wannan takarda
Murfin Takardar PDF - PESrank: Kiyasta Matsayin Kalmar Sirri ta Yanar Gizo ta Hanyar Kiyasta Matsayi Mai Girma Daban-Daban
Duba Takardar PDF Zazzage PDF Fassara PDF
Gida » Takaddun » PESrank: Kiyasta Matsayin Kalmar Sirri ta Yanar Gizo ta Hanyar Kiyasta Matsayi Mai Girma Daban-Daban

1. Gabatarwa

Wannan takarda ta gabatar da PESrank, sabon na'urar kiyasta ƙarfin kalmar sirri da aka ƙera don yin ƙirar aikin mai fasa kalmar sirri mai ƙarfi ta hanyar lissafin matsayin kalmar sirri a cikin tsari mafi kyau na yiwuwa. Tana magance buƙatar mahimmanci na masu kiyasta masu iya aiki a kan layi waɗanda suka wuce ƙididdiga masu sauƙi kamar ƙididdigar LUDS (Ƙananan Haruffa, Manyan Haruffa, Lambobi, Alamomi).

1.1. Bayanan Baya

Duk da sanannun raunuka, kalmomin sirri na rubutu sun kasance babbar hanyar tabbatar da ainihi. Masu amfani sau da yawa suna zaɓar kalmomin sirri masu rauni, masu iya annabta, wanda ke sa tsarin ya zama mai saukin kamuwa da hare-haren zato. An ayyana ƙarfin daidai a matsayin adadin yunƙurin da maharin yake buƙata don zato. Masu kiyasta na baya da suka dogara da masu fasa kalmar sirri sun yi amfani da samfuran Markov, PCFGs, da hanyoyin sadarwar jijiyoyi, amma sau da yawa sun sha wahala daga dogon lokacin horo ko kuma rashin iya aiki cikin gaggawa.

1.2. Gudunmawa

Babban ƙirƙira na PESrank shine sake tsara kiyasta matsayin kalmar sirri a cikin tsarin mai yiwuwa daga binciken ɓoyayyen bayanai na gefe. Tana ɗaukar kalmomin sirri a matsayin maki a cikin sararin bincike mai girma d (misali, kalmar tushe, ƙari, tsarin manyan haruffa), tana koyon rarraba yuwuwar kowane girma daban. Wannan yana ba da damar saurin kiyasta matsayi a kan layi ba tare da ƙididdigewa ba, ingantaccen tsarin keɓancewa, da kuma amsa mai bayyanawa.

2. Hanyar PESrank

PESrank tana rarraba kalmar sirri zuwa girma masu fassara, tana canza matsalar kiyasta ƙarfi zuwa aikin kiyasta matsayi mai girma daban-daban.

2.1. Wakilcin Kalmar Sirri Mai Girma Daban-Daban

Kalmar sirri kamar "P@ssw0rd2024!" za a iya wakilta ta cikin girma daban-daban: Kalmar Tushe ("password"), Tsarin Musanya L33t, Ƙari ("2024"), da ƙara haruffa na musamman. Kowane girma yana da aikin rarraba yuwuwar da aka haɗa da shi wanda aka koya daga bayanan horo.

2.2. Tsarin Kiyasta Matsayi

Maimakon ƙididdigar duk yuwuwar kalmomin sirri, PESrank tana lissafin matsayi R(p) na takamaiman kalmar sirri p ta hanyar tattara yuwuwar duk kalmomin sirri da suka fi p yuwuwa a cikin sararin haɗaɗɗiyar da girma suka ayyana. Wannan yana kama da kiyasta matsayin maɓalli na sirri a cikin binciken ɓoyayyen bayanai na gefe.

3. Aiwartawa ta Fasaha & Tsarin Lissafi

3.1. Tsarin Mai Yiwuwa

Bari a wakilci kalmar sirri p a matsayin vector (x1, x2, ..., xd) a cikin girma d masu zaman kansu. Yuwuwar p ana kiyasta ta kamar haka: $$P(p) \approx \prod_{i=1}^{d} P_i(x_i)$$ inda Pi(xi) shine yuwuwar gefe na bangaren xi a cikin girma i. Matsayi R(p) shine jimlar yuwuwar duk kalmomin sirri q tare da P(q) > P(p).

3.2. Lissafin Matsayi Mai Inganci

PESrank tana amfani da ingantattun algorithms don lissafin wannan jimla ba tare da ƙididdigewa ba. Ga kowane girma, tana kiyaye jerin abubuwan da aka jera bisa yuwuwa. Lissafin matsayi ya haɗa da zagayawa waɗannan jerin da tattara samfuran ɓangare, yana cimma aikin ƙasa da daƙiƙa guda ko da tare da samfurin da aka horar akan kalmomin sirri miliyan 905.

4. Sakamakon Gwaji & Kimantawa

4.1. Ma'aunin Aiki

Takardar ta ba da rahoton cikakken kimantawa. Muhimman sakamakon sun haɗa da:

  • Sauri: Lokacin amsa "ƙasa da daƙiƙa 1" ga tambayoyin kan layi.
  • Daidaito: Kiyasta matsayi tare da iyaka har zuwa bit 1 tsakanin iyaka na sama da na ƙasa, yana nuna babban daidaito.
  • Lokacin Horarwa: "Gajarta sosai" fiye da hanyoyin da suka gabata (waɗanda zasu iya buƙatar kwanaki).

Bayanin Chati (Ra'ayi): Chati na sanduna yana kwatanta lokacin horarwar PESrank (tsari na sa'o'i) da samfurin Hanyar Sadarwar Jijiyoyi (tsari na kwanaki) da samfurin PCFG (tsari na dubunnan sa'o'i). Layin jadawalin da aka lulluɓe yana nuna jinkirin tambayar PESrank yana tsayawa ƙasa da daƙiƙa 1 yayin da girman samfurin (adadin kalmomin sirri a cikin saitin horo) ya karu daga miliyan 10 zuwa Biliyan 1.

4.2. Kwatantawa da Hanyoyin Da Suka Wanzu

An kwatanta PESrank da masu kiyasta na dabara (LUDS), Markov, da na tushen PCFG. Ta nuna mafi girman alaƙa da ainihin tsarin fasa kalmar sirri daga kayan aiki kamar Hashcat, yana tabbatar da manufarta na "tushen mai fasa kalmar sirri". Fasalin bayyanawarta, yana ba da dalilan ƙananan matsayi (misali, "kalmar tushe tana cikin jerin sanannun 100"), fa'ida ce ta musamman akan hanyoyin sadarwar jijiyoyi na baƙar fata.

5. Muhimman Bayanai & Tsarin Bincike

Mahimmin Bayani

PESrank ba wani ƙarin ci gaba ba ne; canji ne na tsari. Ta yi nasarar dasa ingantattun dabarun kiyasta matsayi daga binciken ɓoyayyen bayanai na gefe—fage mai sha'awar ƙididdiga ɓoyayyen bayanai na maɓalli—zuwa cikin duniyar ɗimbin kalmomin sirri da mutum ya zaɓa. Wannan haɗakarwa ita ce hazakarta. Yayin da samfura kamar hanyar sadarwar jijiyoyi ta Google ta 2016 ta cimma babban daidaito, sun kasance marasa bayyanawa kuma suna jinkirin horo. PESrank tana ba da daidaiton ƙirar mai fasa kalmar sirri amma tare da bayyanawa da saurin ingantaccen tsarin mai yiwuwa.

Kwararar Hankali

Hankalin yana da kyau sosai: 1) Rarraba kalmomin sirri zuwa girma masu zaman kansu, masu fassara ga mutum (wani motsi mai kama da PCFG na Weir da sauransu amma mafi ƙanƙanta). 2) Ɗauka cewa 'yancin kai na girma don sa sararin yuwuwar ya zama mai sauƙi—wani sauƙaƙe da sakamakon ya tabbatar. 3) Aiwatar da algorithms na kiyasta matsayi waɗanda ke kaucewa fashewar haɗaɗɗiyar ƙididdigewa. Kwararar daga bayanai (ɓarkewar kalmomin sirri) zuwa samfuri (PMFs na kowane girma) zuwa fitarwa mai aiki (matsayi da bayani) yana da tsabta kuma mai inganci a lissafi.

Ƙarfi & Kurakurai

Ƙarfi: Haɗin gwiwar sauri (amfani a kan layi), bayyanawa, da iyawar gyara yana da ban sha'awa don aiwatarwa a duniyar gaske. Ikon keɓance samfurin "a cikin ɓangarorin daƙiƙa guda" ga mai amfani (misali, rage matsayin kalmomin sirri da ke ɗauke da sunansa) fasali ne mai kisa don tsaron kamfani. Ingantaccen horonsa kuma yana rage shingen amfani da sabbin, manyan bayanan kalmomin sirri.

Kurakurai: Babban zato na 'yancin kai na girma shine dugadugansa. A zahiri, zaɓin mai amfani a cikin girma yana da alaƙa (misali, wasu manyan haruffa suna da yuwuwa tare da wasu kalmomin tushe). Takardar ta yarda da wannan amma tana iƙirarin cewa kiyasin ya kasance mai tasiri. Bugu da ƙari, kamar duk samfuran da suka dogara da ɓarkewa, a zahiri suna kallon baya, yana iya ƙima ƙarfin sabbin dabarun gina kalmar sirri da ba a taɓa ganin su a cikin ɓarkewa ba.

Bayanai Masu Aiki

Ga CISOs da ƙungiyoyin tsaron samfura: Gwada PESrank ko magadanta a cikin hanyoyin rajistar mai amfani. Bayanawarta na iya canza manufar kalmar sirri daga toshewa mai tayar da hankali zuwa lokacin koyarwa, yana iya inganta bin ka'ida. Ga masu bincike: Takardar ta buɗe hanyoyi. Shin za a iya sassauta zaton 'yancin kai tare da ƙarin rikitattun samfuran mai yiwuwa, amma har yanzu masu inganci? Shin wannan tsarin zai iya haɗawa da "m" daidaitawa don kurakurai ko ƙananan bambance-bambance? Haɗin bayanan keɓancewa na ainihin lokaci (kundin kamfani, takaddun shaida da aka keta) shine mataki na gaba na ma'ana don ainihin mai kiyasta na kamfani mai daidaitawa.

6. Hasashen Aikace-aikace & Hanyoyin Gaba

Binciken Kalmar Sirri Mai Tsari: Haɗawa cikin shafukan yanar gizo da aikace-aikacen shiga a matsayin mai ba da shawara na ainihin lokaci, yana ba da amsa nan take, mai bayyanawa.

Tsarin Tabbatar da Ainihi Mai Daidaitawa: Ƙimar haɗari mai ƙarfi inda matsayin kalmar sirri ke rinjayar buƙatar ƙarin abubuwan tabbatar da ainihi (misali, ƙananan matsayin kalmar sirri yana haifar da tilas 2FA).

Manufofin Tsaro Na Keɓance: Tsarin kamfani zai iya kiyaye keɓaɓɓun samfura ga kowane ma'aikaci, yana rage matsayin kalmomin sirri da ke ɗauke da bayanan ma'aikaci na musamman (suna, ID, sashe).

Bincike na Gaba: Tsawaita samfurin don ɗaukar jimlolin sirri, bincika haɗakar koyon zurfi don ɗaukar ƙananan alaƙar girma, da haɓaka ma'auni na daidaitattun ma'auni don masu kiyasta ƙarfin kalmar sirri kamar jagororin kalmar sirri na NIST amma don kimanta algorithm.

7. Nassoshi

  1. David, L., & Wool, A. (2020). Online Password Guessability via Multi-Dimensional Rank Estimation. arXiv preprint arXiv:1912.02551.
  2. Weir, M., Aggarwal, S., Medeiros, B., & Glodek, B. (2009). Password cracking using probabilistic context-free grammars. In 2009 30th IEEE Symposium on Security and Privacy.
  3. Melicher, W., Ur, B., Segreti, S. M., Komanduri, S., Bauer, L., Christin, N., & Cranor, L. F. (2016). Fast, lean, and accurate: Modeling password guessability using neural networks. In 25th USENIX Security Symposium.
  4. NIST. (2017). Digital Identity Guidelines: Authentication and Lifecycle Management. NIST Special Publication 800-63B.
  5. Bonneau, J. (2012). The science of guessing: analyzing an anonymized corpus of 70 million passwords. In 2012 IEEE Symposium on Security and Privacy.