
How to store and search list of 'Banned Passwords'

I'm working on a project where I need to have a set of password restrictions that includes a file of disallowed passwords (all the common passwords like 'abc', 'abcdef', '12345', 'password', etc.). The file of passwords will consist of around 10000-15000 words.

Now I want to make sure that when a user sets/changes a password, it doesn't exist in the list. I was thinking of using a dictionary (or map) in Java (with buckets as 'A', 'B', 'C', ... 'Z', 'NUMBERS', 'SPECIAL_CHARS') so that I just check the first character and then search the corresponding bucket. But I'm not sure what kind of performance I can get out of this.

Any suggestions for working with a 'Banned Passwords' list? Any other pointers to watch out for?

If you extend your approach of "one bucket per letter" to the complete string, you will end up with a trie, which looks like a nice structure for this problem, though I can't see a reason for not using a single HashSet (after all, the verification cost is almost constant, and the hash set searches in the bucket where the password is supposed to be stored). Splitting the hash depending on the initial letter does not improve the performance in comparison with using a single set.

On the other hand, if your implementation is memory bounded, you could avoid storing some banned passwords and do a rule-guided verification (e.g. check if there are 4 consecutive characters that differ by one, as in "ghij", or check if they are fragments of a keyboard row, such as "yuiop"). Each rule will be equivalent to several banned passwords.

You might want to use a real lib to do this. For example: https://code.google.com/p/java-dictionary-password-validator/

You have to write a method which can check for sequences of characters (e.g. abcdef), repeated characters (e.g. 111111) and all other constraints. Along with this, you will anyhow need a static List/Set variable which will hold all restricted strings.
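The answers' suggestions combined into one check, as an added example that is not part of the original posts: a single set lookup for the stored list plus rule checks for sequential runs, keyboard-row fragments and repeated characters. The class and method names, the constructed sample list, the keyboard rows and the case-insensitive matching are assumptions.

```java
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class BannedPasswordCheck {
    // Constructed sample entries; a real deployment loads the 10000-15000 words from the file.
    private static final Set<String> BANNED = Set.of("abc", "abcdef", "12345", "password");
    private static final List<String> KEYBOARD_ROWS = List.of("qwertyuiop", "asdfghjkl", "zxcvbnm");
    private static final int RUN = 4; // run length from the "ghij" example in the answer

    // True if RUN consecutive characters step by exactly one in the same direction ("ghij", "4321").
    static boolean hasSequentialRun(String s) {
        int len = 1, dir = 0;
        for (int i = 1; i < s.length(); i++) {
            int d = s.charAt(i) - s.charAt(i - 1);
            boolean step = d == 1 || d == -1;
            len = (step && d == dir) ? len + 1 : (step ? 2 : 1);
            dir = d;
            if (len >= RUN) return true;
        }
        return false;
    }

    // True if any RUN-character window of the password is a fragment of a keyboard row ("yuio").
    static boolean hasKeyboardFragment(String s) {
        for (int i = 0; i + RUN <= s.length(); i++) {
            String window = s.substring(i, i + RUN);
            if (KEYBOARD_ROWS.stream().anyMatch(row -> row.contains(window))) return true;
        }
        return false;
    }

    // True if every character is the same, as in "111111".
    static boolean isSingleRepeatedChar(String s) {
        return !s.isEmpty() && s.chars().distinct().count() == 1;
    }

    static boolean isBanned(String password) {
        String p = password.toLowerCase(Locale.ROOT); // assumption: the list is stored lower-case
        return BANNED.contains(p) || hasSequentialRun(p)
                || hasKeyboardFragment(p) || isSingleRepeatedChar(p);
    }

    public static void main(String[] args) {
        for (String pw : List.of("password", "xxghijxx", "myYUIOP1", "111111", "T7#kq!vR2m")) {
            System.out.println(pw + " -> " + (isBanned(pw) ? "rejected" : "accepted"));
        }
    }
}
```

Each rule replaces many stored entries, so the set only needs the words that no rule covers.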
