User:R96340/Password (authentication)

Wikipedia, the free encyclopedia
Wikipedia uses a username and password to authenticate logins.

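A password is a word or string of characters used to verify identity. A system that uses password authentication requires the user to prove their identity with a specific password, or uses the password as the basis for deciding whether to grant the user authorization (for example, an access code is a kind of password, used to decide whether to grant the user access). This is usually done to protect private information so that it is not easily disclosed to users who are unauthorized or have not passed verification.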

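The use of passwords can be traced back a long way. In early times passwords took the form of watchwords or countersigns, used to protect the territory of a polity or group. Sentries would require anyone wishing to enter a controlled area or approach the sentry post to give the correct watchword or countersign, and would admit only one person, or a small group who knew the countersign, at a time.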

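Today usernames and passwords are commonly used in login authentication to protect internal or private data in computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), and similar systems. A typical computer user generally has many passwords for different purposes: logging in to accounts, retrieving e-mail, and obtaining access or authorization to use applications, databases, networks, web sites, and even to read the morning newspaper online.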

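Although the English term "password" literally contains "word", a password generally need not contain any actual word; in fact, a password that contains no common words may be harder to crack and so offer stronger protection. Some passwords are formed by arranging several words, or by scrambling the order of words; such a password is also called a passphrase.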

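Terms formed in the same way as password and passphrase, such as passcode or passkey, are sometimes used in place of password to describe secret information that is purely numeric or contains only a few letters, such as the personal identification number (PIN) commonly used for ATM authentication. Compared with passcodes or passkeys, which are generally more complex and often contain serial numbers, passwords are usually shorter, which makes them easier to remember and type.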

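Many organizations have established password policies that require particular passwords to reach a certain strength. The criteria generally include password length, the character classes it contains (for example uppercase or lowercase letters, digits, punctuation, special characters), and the personal elements it contains (for example name, date of birth, address, telephone number).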

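Some government agencies have national-level authentication systems[1] that prescribe the verification procedure for users requesting authorization to use official government services, including requirements on password format and strength.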

History of passwords

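Verbally confirming a particular sequence of words is one of the simplest ways to tell friend from foe and thereby protect territory. For this reason passwords, watchwords and countersigns have a long history, in use from before classical antiquity to the present day, but who first used a password or countersign cannot be known.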

The ancient Greek historian Polybius described the arrangement of watchwords in the Roman army in his work The Histories:

The way in which they use the watchword to secure the area under guard is as follows: first, ten squads made up of each class of infantry and cavalry are stationed at the end of each street leading into the city; then the man assigned to guard duty goes to the tent of the tribune every day at sunset and obtains a wooden tablet on which the day's watchword is written. He takes his leave, and on returning to his quarters passes on the watchword and tablet before witnesses to the commander of the next maniple, who in turn passes it to the one next him. All do the same until it reaches the first maniples, those encamped near the tents of the tribunes. These latter are obliged to deliver the tablet to the tribunes before dark. So that if all those issued are returned, the tribune knows that the watchword has been given to all the maniples, and has passed through all on its way back to him. If any one of them is missing, he makes inquiry at once, as he knows by the marks from what quarter the tablet has not returned, and whoever is responsible for the stoppage meets with the punishment he merits.

——Polybius, The Histories, Book III[2]

Passwords in military use evolved to include not just a password, but a password and a counterpassword; for example in the opening days of the Battle of Normandy, paratroopers of the U.S. 101st Airborne Division used a password — flash — which was presented as a challenge, and answered with the correct response — thunder. The challenge and response were changed every three days. American paratroopers also famously used a device known as a "cricket" on D-Day in place of a password system as a temporarily unique method of identification; one metallic click given by the device in lieu of a password was to be met by two clicks in reply.[3]

Passwords have been used with computers since the earliest days of computing. MIT's CTSS, one of the first time sharing systems, was introduced in 1961. It had a LOGIN command that requested a user password. "After typing PASSWORD, the system turns off the printing mechanism, if possible, so that the user may type in his password with privacy."[4] In the early 1970s, Robert Morris developed a system of storing login passwords in a hashed form as part of the Unix operating system. The system was based on a simulated Hagelin rotor crypto machine, and first appeared in 6th Edition Unix in 1974. A later version of his algorithm, known as crypt(3), used a 12-bit salt and invoked a modified form of the DES algorithm 25 times to reduce the risk of pre-computed dictionary attacks.[5]
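The effect of the salt and the iteration count described above, as an added example that is not part of the original article or of the Unix source: SHA-256 stands in for the modified DES of crypt(3) (an assumption, so the code runs with the standard library alone), and the function names and the sample word list are constructed for illustration.

```python
import hashlib
import secrets

SALT_BITS = 12   # salt width the article gives for crypt(3)
ROUNDS = 25      # iteration count the article gives for crypt(3)


def toy_hash(password: str, salt: int = 0, rounds: int = ROUNDS) -> str:
    """Salted, iterated hash. SHA-256 is a stand-in for crypt(3)'s modified DES."""
    if not 0 <= salt < 2 ** SALT_BITS:
        raise ValueError("salt must fit in 12 bits")
    digest = salt.to_bytes(2, "big") + password.encode("utf-8")
    for _ in range(rounds):          # each guess costs `rounds` hash calls
        digest = hashlib.sha256(digest).digest()
    return digest.hex()


def store(password: str) -> tuple[int, str]:
    """Record kept in the password file: the salt in clear plus the hash."""
    salt = secrets.randbelow(2 ** SALT_BITS)
    return salt, toy_hash(password, salt)


def verify(password: str, salt: int, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return secrets.compare_digest(toy_hash(password, salt), stored)


def precomputed_table(words, salt: int = 0) -> dict[str, str]:
    """Hash-to-word table built once for a single salt value."""
    return {toy_hash(w, salt): w for w in words}


def table_entries_needed(dictionary_size: int) -> int:
    """Entries required to cover the dictionary under every possible salt."""
    return dictionary_size * 2 ** SALT_BITS


if __name__ == "__main__":
    words = ["flash", "thunder", "cricket"]   # constructed sample dictionary
    table = precomputed_table(words)          # built for salt 0 only
    print(table.get(toy_hash("thunder", 0)))      # found: same salt as the table
    print(table.get(toy_hash("thunder", 1234)))   # None: other salt, table is useless
    salt, stored = store("thunder")
    print(verify("thunder", salt, stored), verify("flash", salt, stored))
    print(table_entries_needed(len(words)))       # 3 * 4096
```

A 12-bit salt multiplies the size of any precomputed table by 4096, which is small by current standards; modern password hashing schemes use much longer salts and far higher work factors.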

See also

References

  1. ^ Improving Usability of Password Management with Standardized Password Policies (pdf). Retrieved on 2012-10-12.
  2. ^ Polybius on the Roman Military. Ancienthistory.about.com (2012-04-13). Retrieved on 2012-05-20.
  3. ^ Mark Bando. 101st Airborne: The Screaming Eagles in World War II. Mbi Publishing Company. 2007 [20 May 2012]. ISBN 978-0-7603-2984-9.
  4. ^ CTSS Programmers Guide, 2nd Ed., MIT Press, 1965.
  5. ^ Morris, Robert; Thompson, Ken. Password Security: A Case History. Bell Laboratories. 1978-04-03 [2011-05-09].

External links