User:R96340/Password (authentication)

Wikipedia uses a username and password to authenticate logins.

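A password is a word or string of characters used to verify identity. A system that authenticates with passwords requires the user to prove their identity with a specific password, or uses the password as the basis for deciding whether to grant the user authorization (for example, an access code is a kind of password, used to decide whether to grant the user access). This is usually done to protect private information so that it is not easily disclosed to users who are unauthorized or have not been authenticated.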

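The use of passwords dates back a long way. In early times passwords existed in the form of watchwords or countersigns, used to protect the territory belonging to a polity or group. At that time, sentries would require those who wished to enter a controlled area or approach the sentry post to give the correct watchword or countersign, and would let through only one person, or a small group of people who knew the countersign, at a time.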

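Today user names and passwords are commonly used in login procedures to protect the internal or private data of things such as computer operating systems, mobile phones, cable TV decoders and automated teller machines. A typical computer user generally has many passwords for different purposes: logging in to accounts and retrieving e-mail; obtaining access to, or authorization to use, applications, databases, networks and web sites; and even reading the morning newspaper online.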

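Although the English term "password" literally means "pass word", a password generally does not need to contain any actual word; in fact, a password that contains no common words may be harder to crack and therefore provide stronger protection. Some passwords are formed by arranging several words, or by scrambling the order of words; such a password is also called a passphrase.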

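Formed in the same way as the terms password and passphrase above, terms such as passcode or passkey are sometimes used, besides password, to describe private information that is purely numeric or contains a small number of letters, such as the personal identification number commonly used for authentication at automated teller machines. Compared with passcodes or passkeys, which are generally more complex and usually contain serial numbers, passwords are usually shorter, which makes them easier to memorize and type.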

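Many organizations set a password policy requiring that particular passwords reach a certain strength. In general the criteria include the password's length, the kinds of characters it contains (for example uppercase or lowercase letters, digits, punctuation, special characters), and the inherent elements it contains (for example name, date of birth, address, telephone number).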

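Some government agencies have national authentication systems[1] that specify the authentication procedure for users requesting authorization to use official government services, including requirements on password format and strength.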

History of passwords

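Verbally confirming a particular sequence of words is one of the simplest ways of telling friend from foe and thereby protecting territory. For this reason the use of passwords, watchwords and countersigns has a long history, continuing from before classical antiquity to the present day, but who first used a password or countersign cannot be known.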

The ancient Greek historian Polybius described the watchword arrangements of the ancient Roman army in his work The Histories:

The way in which they use the watchword to secure the area under guard is as follows: first, ten squads made up of infantry and cavalry of each class are stationed at the end of each street leading into the city; then the man chosen for guard duty goes to the tent of the tribune at sunset each day and receives a wooden tablet with that day's watchword written on it. He takes his leave, and on returning to his quarters passes on the watchword and tablet before witnesses to the commander of the next maniple, who in turn passes it to the one next him. All do the same until it reaches the first maniples, those encamped near the tents of the tribunes. These latter are obliged to deliver the tablet to the tribunes before dark. So that if all those issued are returned, the tribune knows that the watchword has been given to all the maniples, and has passed through all on its way back to him. If any one of them is missing, he makes inquiry at once, as he knows by the marks from what quarter the tablet has not returned, and whoever is responsible for the stoppage meets with the punishment he merits.

— Polybius, The Histories, Book 3[2]

Passwords in military use evolved to include not just a password, but a password and a counterpassword; for example in the opening days of the Battle of Normandy, paratroopers of the U.S. 101st Airborne Division used a password — flash — which was presented as a challenge, and answered with the correct response — thunder. The challenge and response were changed every three days. American paratroopers also famously used a device known as a "cricket" on D-Day in place of a password system as a temporarily unique method of identification; one metallic click given by the device in lieu of a password was to be met by two clicks in reply.[3]

Passwords have been used with computers since the earliest days of computing. MIT's CTSS, one of the first time-sharing systems, was introduced in 1961. It had a LOGIN command that requested a user password. "After typing PASSWORD, the system turns off the printing mechanism, if possible, so that the user may type in his password with privacy."[4] In the early 1970s, Robert Morris developed a system of storing login passwords in a hashed form as part of the Unix operating system. The system was based on a simulated Hagelin rotor crypto machine, and first appeared in 6th Edition Unix in 1974. A later version of his algorithm, known as crypt(3), used a 12-bit salt and invoked a modified form of the DES algorithm 25 times to reduce the risk of pre-computed dictionary attacks.[5]
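The effect of the salt described above can be shown with a short sketch. This is an added example, not code from the cited sources or from Unix: SHA-256 stands in for the modified DES, the stored format and all function names are hypothetical, and the accounts are constructed sample data. Only the 12-bit salt and the 25 iterations are taken from the text.

```python
import hashlib
import hmac

SALT_BITS = 12   # salt width the article gives for crypt(3)
ROUNDS = 25      # iteration count the article gives for crypt(3)

def salted_hash(password: str, salt: int) -> str:
    """Salted, iterated hash. SHA-256 is a stand-in (assumption) for the
    modified DES of the historical scheme; the output format is made up."""
    if not 0 <= salt < 2 ** SALT_BITS:
        raise ValueError("salt must fit in 12 bits")
    salt_bytes = salt.to_bytes(2, "big")
    state = password.encode("utf-8")
    for _ in range(ROUNDS):
        state = hashlib.sha256(salt_bytes + state).digest()
    return f"{salt:03x}${state.hex()}"

def verify(password: str, stored: str) -> bool:
    """Recompute with the salt kept beside the hash, compare in constant time."""
    salt = int(stored.split("$", 1)[0], 16)
    return hmac.compare_digest(salted_hash(password, salt), stored)

def precompute(words, salts):
    """Dictionary table that has to be prepared ahead of time:
    one entry per (word, salt) pair."""
    return {salted_hash(w, s): w for s in salts for w in words}

def exposed(stored_entries, table):
    """Accounts whose stored hash appears in a precomputed table."""
    return sorted(user for user, h in stored_entries.items() if h in table)

# Constructed sample data: three accounts sharing one password, different salts.
WORDS = ["flash", "thunder", "cricket"]
STORED = {
    "alice": salted_hash("thunder", 0x000),
    "bob": salted_hash("thunder", 0x5A3),
    "carol": salted_hash("thunder", 0xFFF),
}

if __name__ == "__main__":
    print(len(set(STORED.values())))      # same password, distinct stored values
    one_salt = precompute(WORDS, [0x000])
    print(exposed(STORED, one_salt))      # a table built for one salt covers one account
    print(len(WORDS) * 2 ** SALT_BITS, "entries needed to cover every salt")
```

A table prepared for a single salt matches only the account that happens to use that salt, so covering every account requires 2^12 times as many precomputed entries per dictionary word.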

References

  1. ^ Improving Usability of Password Management with Standardized Password Policies (pdf). Retrieved on 2012-10-12.
  2. ^ Polybius on the Roman Military. Ancienthistory.about.com (2012-04-13). Retrieved on 2012-05-20.
  3. ^ Mark Bando. 101st Airborne: The Screaming Eagles in World War II. Mbi Publishing Company. 2007 [20 May 2012]. ISBN 978-0-7603-2984-9. 
  4. ^ CTSS Programmers Guide, 2nd Ed., MIT Press, 1965
  5. ^ Morris, Robert; Thompson, Ken. Password Security: A Case History. Bell Laboratories. 1978-04-03 [2011-05-09].
