{"id":549,"date":"2021-09-09T16:22:12","date_gmt":"2021-09-09T08:22:12","guid":{"rendered":"http:\/\/cms.aaasec.com.tw\/?p=549"},"modified":"2021-09-22T14:47:41","modified_gmt":"2021-09-22T06:47:41","slug":"password_cracking_and_defense","status":"publish","type":"post","link":"https:\/\/cms.aaasec.com.tw\/index.php\/2021\/09\/09\/password_cracking_and_defense\/","title":{"rendered":"\u5bc6\u78bc\u7684\u7834\u89e3\u8207\u9632\u79a6"},"content":{"rendered":"<p><img loading=\"lazy\" class=\"aligncenter size-full wp-image-550\" src=\"https:\/\/cms.aaasec.com.tw\/wp-content\/uploads\/2021\/09\/1100903\u5bc6\u78bc\u7684\u7834\u89e3\u8207\u9632\u79a6_\u5de5\u4f5c\u5340\u57df-1.png\" alt=\"\" width=\"2084\" height=\"2084\" \/><!--more--><\/p>\n<h4>By Yun<\/h4>\n<h3><strong>\u524d\u8a00<\/strong><\/h3>\n<p>\u73fe\u4eca\u751f\u6d3b\u4e2d\uff0c\u5927\u90e8\u5206\u4f7f\u7528\u7684\u670d\u52d9\u90fd\u9700\u8981\u8a3b\u518a\u5e33\u865f\u5bc6\u78bc\uff0c\u8209\u51e1\u793e\u7fa4\u7db2\u7ad9\u3001\u96fb\u5546\u3001\u904a\u6232\u5f71\u97f3\u5e73\u53f0\u4ee5\u53ca\u8edf\u786c\u9ad4\u7684\u7db2\u9801\u4ecb\u9762\u7b49\u3002\u6216\u8005\u662f\u6a94\u6848\u52a0\u5bc6\u3001FTP\u670d\u52d9\u4ee5\u53caSSH\u7b49\u4e5f\u90fd\u6703\u4f7f\u7528\u5230\u5bc6\u78bc\u3002\u5bc6\u78bc\u7684\u4f7f\u7528\u975e\u5e38\u5ee3\u6cdb\uff0c\u56e0\u6b64\u5bc6\u78bc\u7684\u9632\u8b77\u4e5f\u76f8\u7576\u91cd\u8981\u3002\u672c\u6587\u5c07\u6703\u4ecb\u7d39\u4e00\u7a2e\u5bc6\u78bc\u7834\u89e3\u65b9\u5f0f\uff0c\u4ee5\u53ca\u8a72\u5982\u4f55\u9632\u79a6\uff01<\/p>\n<h3><strong>\u5bc6\u78bc\u731c\u6e2c\u653b\u64ca<\/strong><\/h3>\n<p>\u5bc6\u78bc\u731c\u6e2c\u653b\u64ca\u6307\u7684\u662f\u9010\u500b\u731c\u6e2c\u5bc6\u78bc\u76f4\u5230\u627e\u51fa\u771f\u6b63\u7684\u5bc6\u78bc\u70ba\u6b62\u3002\u90a3\u9ebc\u662f\u600e\u9ebc\u731c\u6e2c\u5bc6\u78bc\u7684\u5462\uff1f\u731c\u6e2c\u7684\u65b9\u5411\u5927\u6982\u53ef\u4ee5\u5206\u6210\u4ee5\u4e0b\u4e09\u7a2e\uff1a<\/p>\n<ol>\n<li>\n<h4><strong>\u8490\u96c6\u7684\u60c5\u5
831<\/strong><\/h4>\n<\/li>\n<\/ol>\n<p>\u82e5\u77e5\u9053\u5e33\u865f\u64c1\u6709\u8005\uff0c\u53ef\u4ee5\u900f\u904e\u7db2\u8def\u641c\u5c0b\u8cc7\u6599\uff0c\u518d\u5f9e\u5176\u76f8\u95dc\u8cc7\u8a0a\u53bb\u731c\u3002\u4f8b\u5982\uff1a\u82f1\u6587\u540d\u5b57\u3001\u751f\u65e5\u4ee5\u53ca\u624b\u6a5f\u865f\u78bc\u7b49\u7b49\u3002<\/p>\n<p>\u6b64\u5916\uff0c\u7db2\u8def\u4e0a\u6709\u5e38\u898b\u5bc6\u78bc\u7684\u540d\u55ae<sup>[1]<\/sup>\uff0c\u6709\u4e00\u4e9b\u7c21\u55ae\u7684\u82f1\u6578\u5b57\u7d44\u5408\uff0c\u50cf\u300c123456\u300d\u3001\u300cpassword\u300d\u3001\u300cqqww1122\u300d\u7b49\u3002\u9084\u6709\u6839\u64da\u9375\u76e4\u4f4d\u7f6e\u7522\u751f\u7684\u7d44\u5408\uff0c\u4f8b\u5982\u300cqwerty\u300d\u3001\u300c1q2w3e4r5t\u300d\u7b49\u90fd\u699c\u4e0a\u6709\u540d\u3002\u5176\u4ed6\u9084\u6709\u5c0d\u61c9\u6ce8\u97f3\u7522\u751f\u7684\u5bc6\u78bc\u300cau4a83\uff08\u5bc6\u78bc\uff09\u300d\u3002<\/p>\n<p>\u53e6\u4e00\u65b9\u9762\uff0c\u8a31\u591a\u8a2d\u5099\u7cfb\u7d71\u90fd\u8a2d\u6709\u9810\u8a2d\u5bc6\u78bc\uff0c\u9019\u500b\u8cc7\u8a0a\u4e00\u822c\u5728\u7db2\u8def\u4e0a\u90fd\u67e5\u5f97\u5230\u3002<\/p>\n<ol start=\"2\">\n<li>\n<h4><strong>\u66b4\u529b\u7834\u89e3\uff08<\/strong><strong>Brute-force attack<\/strong><strong>\uff09<\/strong>[2]<\/h4>\n<\/li>\n<\/ol>\n<p>\u4ee5\u5bc6\u78bc\u4e2d\u53ef\u80fd\u51fa\u73fe\u7684\u5b57\u5143\uff08\u5b57\u6bcd\u3001\u6578\u5b57\u3001\u7279\u6b8a\u7b26\u865f\uff09\u6839\u64da\u5bc6\u78bc\u9577\u5ea6\u505a\u6392\u5217\u7d44\u5408\uff0c\u9019\u7a2e\u65b9\u5f0f\u7684\u76ee\u6a19\u662f\u5617\u8a66\u5bc6\u78bc\u6240\u6709\u7684\u53ef\u80fd\u6027\u3002<\/p>\n<ol 
start=\"3\">\n<li>\n<h4><strong>\u5b57\u5178\u653b\u64ca<\/strong><\/h4>\n<\/li>\n<\/ol>\n<p>\u4ee5\u7db2\u8def\u4e0a\u7684\u5e38\u898b\u5bc6\u78bc\u540d\u55ae\u4f86\u8aaa\uff0c\u81f3\u5c11\u4e5f\u6709\u4e0a\u767e\u3001\u4e0a\u5343\u500b\u5bc6\u78bc\u3002\u9019\u7a2e\u60c5\u6cc1\u4e0b\u653b\u64ca\u8005\u4e0d\u592a\u53ef\u80fd\u624b\u52d5\u4e00\u500b\u4e00\u500b\u8f38\u5165\u4f86\u6e2c\u8a66\u3002<\/p>\n<p>\u6240\u8b02\u300c\u5b57\u5178\u653b\u64ca\u300d\u6307\u7684\u5c31\u662f\u5229\u7528\u96c6\u5408\u591a\u500b\u5bc6\u78bc\u7684\u6e05\u55ae\uff08\u53c8\u7a31\u4f5c\u5b57\u5178\u6a94\uff09\uff0c\u900f\u904e\u5de5\u5177\u81ea\u52d5\u9010\u500b\u6e2c\u8a66\u6e05\u55ae\u88e1\u9762\u7684\u5bc6\u78bc\u3002<\/p>\n<h3><strong>\u8a72\u5982\u4f55\u9632\u79a6\uff1f<\/strong><\/h3>\n<p>\u5bc6\u78bc\u731c\u6e2c\u653b\u64ca\u770b\u8d77\u4f86\u597d\u50cf\u5f88\u5bb9\u6613\u57f7\u884c\uff0c\u4f46\u9084\u662f\u6709\u5176\u9650\u5236\u3002\u4e0d\u7ba1\u662f\u7528\u4ec0\u9ebc\u65b9\u5f0f\u4f86\u731c\u6e2c\uff0c\u5b83\u90fd\u662f\u9010\u7b46\u8cc7\u6599\u9001\u51fa\u53bb\u6e2c\u8a66\uff0c\u6240\u4ee5\u9700\u8981\u82b1\u8cbb\u4e00\u5b9a\u7684\u6642\u9593\u3002\u82e5\u662f\u900f\u904e\u5404\u985e\u578b\u5b57\u5143\u7684\u6392\u5217\u7d44\u5408\u9032\u884c\u7834\u89e3\uff0c\u5bc6\u78bc\u9577\u5ea6\u8d8a\u9577\uff0c\u5c31\u53ef\u80fd\u9700\u8981\u82b1\u8cbb\u66f4\u591a\u7684\u6642\u9593\u3002\u56e0\u6b64\u8a2d\u5b9a\u5bc6\u78bc\u6642\u6211\u5011\u53ef\u4ee5\uff1a<\/p>\n<ol>\n<li>\u4e0d\u4f7f\u7528\u5e38\u898b\u5bc6\u78bc\u8207\u500b\u4eba\u8cc7\u6599<\/li>\n<li>\u4f7f\u7528\u4e0d\u540c\u985e\u578b\u7684\u5b57\u5143\u589e\u52a0\u5bc6\u78bc\u8907\u96dc\u5ea6<br 
\/>\n\u8209\u4f8b\u4f86\u8aaa\uff0c\u82e5\u4ee5\u5b57\u6bcd\u4efb\u610f\u7d44\u6210\u5bc6\u78bc\u300cemdpsa\u300d\uff0c\u5c07\u5176\u4e2d\u5e7e\u500b\u5b57\u5143\u66ff\u63db\u6210\u6578\u5b57\u8207\u7b26\u865f\u300c1mdp@a\u300d\u3002\u56e0\u70ba\u5b57\u5143\u7684\u53ef\u80fd\u6027\u589e\u52a0\u4e86\uff0c\u53ef\u80fd\u5c31\u9700\u8981\u82b1\u8cbb\u66f4\u9577\u7684\u6642\u9593\u624d\u80fd\u7834\u89e3\u51fa\u4f86\u3002<\/li>\n<li>\u4f7f\u7528\u591a\u500b\u82f1\u6587\u55ae\u5b57\u7d44\u6210\u9577\u5bc6\u78bc<\/li>\n<\/ol>\n<p>\u95dc\u65bc\u4e0a\u9762\u7b2c2\u9805\u6709\u53e6\u4e00\u500b\u8aaa\u6cd5<sup>[3][4]<\/sup>\uff1a\u589e\u52a0\u5bc6\u78bc\u8907\u96dc\u5ea6\u76f8\u5c0d\u4e5f\u662f\u589e\u52a0\u6211\u5011\u8a18\u5104\u7684\u96e3\u5ea6\uff0c\u6240\u4ee5\u53ef\u80fd\u6703\u5c07\u5bc6\u78bc\u8a18\u9304\u5728\u5176\u4ed6\u5730\u65b9\uff0c\u6b64\u6642\u82e5\u6c92\u6709\u6ce8\u610f\u984d\u5916\u8a18\u9304\u7684\u5b89\u5168\u6027\uff0c\u53cd\u800c\u53ef\u80fd\u9020\u6210\u5bc6\u78bc\u5916\u6d29\u7684\u98a8\u96aa\u3002\u56e0\u6b64\u4e5f\u6709\u7b2c3\u9805\u7684\u65b9\u5f0f\uff0c\u4ee5\u81ea\u5df1\u719f\u6089\u4f46\u95dc\u806f\u6027\u4e0d\u5927\u7684\u591a\u500b\u55ae\u5b57\u7d44\u6210\u4e00\u500b\u9577\u5bc6\u78bc\uff0c\u6216\u662f\u5efa\u7acb\u81ea\u5df1\u7684\u806f\u60f3\u65b9\u5f0f\u3002<\/p>\n<p>\u90a3\u9ebc\uff0c\u7db2\u7ad9\u65b9\u6216\u4f01\u696d\u65b9\u8a72\u600e\u9ebc\u9762\u5c0d\u5bc6\u78bc\u731c\u6e2c\u653b\u64ca\u5462\uff1f\u6211\u5011\u53ef\u4ee5\uff1a<\/p>\n<ol>\n<li>\u4e0d\u4f7f\u7528\u9810\u8a2d\u5bc6\u78bc<\/li>\n<li>\u9650\u5236\u767b\u5165\u5931\u6557\u7684\u6b21\u6578\uff0c\u8d85\u904e\u5247\u9396\u5b9a\u5e33\u865f<\/li>\n<li>\u7981\u6b62\u767b\u5165\u983b\u7387\u904e\u9ad8\u7684\u8acb\u6c42<\/li>\n<li>\u4f7f\u7528\u5169\u7a2e\u4e0d\u540c\u7684\u9a57\u8b49\u65b9\u5f0f\u2500\u96d9\u56e0\u7d20\u8a8d\u8b49<\/li>\n<\/ol>\n<p>\uff08\u5ef6\u4f38\u95b1\u8b80\uff1a<a 
href=\"https:\/\/cms.aaasec.com.tw\/index.php\/2019\/04\/18\/m_04\/\">\u55ae\u9760\u5bc6\u78bc\u9084\u4e0d\u5920\u55ce\uff1f\u96d9\u91cd\u8a8d\u8b492FA<\/a>\uff09<\/p>\n<p>\u96d6\u7136\u4e0a\u9762\u63d0\u5230\u7684\u90fd\u662f\u300c\u5bc6\u78bc\u300d\uff0c\u4f46\u5bc6\u78bc\u731c\u6e2c\u653b\u64ca\u4e0d\u9650\u65bc\u5bc6\u78bc\uff0c\u5e33\u865f\u4e5f\u662f\u53ef\u4ee5\u4e00\u8d77\u9032\u884c\u7834\u89e3\u7684\u3002iThome\u4e0a\u7684\u4e00\u5247\u65b0\u805e<sup>[5]<\/sup>\u4e2d\u63d0\u5230\uff1a\u300c\u99ed\u5ba2\u7d93\u5e38\u662f\u5229\u7528\u5077\u4f86\u7684\uff0c\u6216\u5e38\u898b\u7684administrator\u5e33\u865f\u5bc6\u78bc\u5c0d\u55ae\u4e00\u6216\u591a\u500b\u5e33\u865f\u5617\u8a66\u767b\u5165\uff0c\u6642\u9593\u70ba\u671f\u6578\u79d2\u5230\u5e7e\u5206\u9418\u3002\u300d\u56e0\u6b64\u4e5f\u5efa\u8b70\u505c\u7528\u7cfb\u7d71\u9810\u8a2d\u7684\u7ba1\u7406\u54e1\u5e33\u865f\uff0c\u6216\u662f\u66f4\u6539\u5e33\u865f\u540d\u7a31\uff0c\u589e\u52a0\u7ba1\u7406\u54e1\u5e33\u865f\u88ab\u7834\u89e3\u7684\u96e3\u5ea6\u3002<\/p>\n<h3><strong>\u5c0f\u63d0\u9192<\/strong><\/h3>\n<p>\u6700\u5f8c\u5c0f\u63d0\u9192\uff0c\u672c\u6587\u65e8\u5728\u5f9e\u653b\u64ca\u65b9\u5f0f\u8aaa\u660e\u5c0d\u61c9\u7684\u9632\u79a6\u7b56\u7565\uff0c\u96a8\u610f\u5617\u8a66\u7834\u89e3\u4ed6\u4eba\u5e33\u865f\u5bc6\u78bc\uff0c\u53ef\u80fd\u9700\u8981\u8ca0\u6cd5\u5f8b\u8cac\u4efb<sup>[6]<\/sup>\u54e6\uff01<\/p>\n<h3><strong>\u53c3\u8003\u8cc7\u6599<\/strong><\/h3>\n<p>[1] <a href=\"https:\/\/nordpass.com\/most-common-passwords-list\/\">Top 200 most common passwords of the year 2020<\/a><\/p>\n<p>[2] <a href=\"https:\/\/zh.wikipedia.org\/wiki\/%E8%9B%AE%E5%8A%9B%E6%94%BB%E5%87%BB\">\u883b\u529b\u653b\u64ca<\/a><\/p>\n<p>[3] <a href=\"https:\/\/www.techbang.com\/posts\/78988-experts-tell-you-that-even-setting-the-password-to-jk8vge4d-is-still-not-secure\">\u5c08\u5bb6\u544a\u8a34\u4f60\uff0c\u5c31\u7b97\u628a\u5bc6\u78bc\u8a2d\u7f6e\u70ba\u300cjK8v!ge4D\u300d\u4ecd\u7136\u4e0d\u5b89\u5168<\/a><\/p>\n<p>[4] 
<a href=\"https:\/\/isafe.moe.edu.tw\/article\/1944?user_type=4&amp;topic=9\">\u597d\u8a18\u53c8\u96e3\u731c\u7684\u5bc6\u78bc\u8a2d\u5b9a\u6280\u5de7<\/a><\/p>\n<p>[5] <a href=\"https:\/\/www.ithome.com.tw\/news\/135234\">\u5fae\u8edf\uff1aRDP\u66b4\u529b\u7834\u89e3\u5e73\u5747\u6301\u7e8c2-3\u5929\uff0c\u6210\u529f\u7387\u4e0d\u4f4e<\/a><\/p>\n<p>[6] <a href=\"https:\/\/law.moj.gov.tw\/LawClass\/LawParaDeatil.aspx?pcode=C0000001&amp;bp=53\">\u5168\u570b\u6cd5\u898f\u8cc7\u6599\u5eab<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[9],"tags":[],"_links":{"self":[{"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/posts\/549"}],"collection":[{"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/comments?post=549"}],"version-history":[{"count":4,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/posts\/549\/revisions"}],"predecessor-version":[{"id":560,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/posts\/549\/revisions\/560"}],"wp:attachment":[{"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/media?parent=549"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/categories?post=549"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/tags?post=549"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}