论文信息 - Password management

Password management

Problems of password selection and password management are discussed. Using a simple yet powerful model, the author describes ways to select passwords and identifies two techniques of hindering the compromise of a system by guarding the information and algorithms used to validate user passwords. It is pointed out that obtaining access to a system, or to resources on the system, is the first step in attacking the system. Penetration by obtaining, or guessing, a password is a time-honored, and extremely effective, technique for gaining such access; thus, a firm understanding of passwords, their uses, and techniques for password management are essential to the security of any computer system.<<ETX>>

Matt Bishop

[1] Daniel Klein,et al. Foiling the cracker: A survey of, and improvements to, password security , 1992 .

[2] Ken Thompson,et al. Password security: a case history , 1979, CACM.

[3] James A. Haskett,et al. Pass-algorithms: a user validation scheme based on knowledge of secret algorithms , 1984, CACM.

[4] G. A. Miller. THE PSYCHOLOGICAL REVIEW THE MAGICAL NUMBER SEVEN, PLUS OR MINUS TWO: SOME LIMITS ON OUR CAPACITY FOR PROCESSING INFORMATION 1 , 1956 .

[5] Lynn Grant. DES key crunching for safer cypher keys , 1987, SGSC.

[6] F. T. Grampp,et al. The UNIX system UNIX operating system security , 1984, AT&T Bell Laboratories Technical Journal.

[7] Matt Bishop,et al. An Application of a Fast Data Encryption Standard Implementation , 1988, Comput. Syst..