电脑密码
<p> 2015复习正是强化复习阶段,在考研英语中占了40分,所以考研英语阅读是英语科目中重要的一项。名师老师曾建议过考研生需要坚持每天泛读10-15分钟的英文原刊。强烈推荐了杂志《经济学人》.杂志中的文章也是考研英语的主要材料来源.希望考研考生认真阅读,快速提高考研英语阅读水平。 <span word="Computer">Computer</span> <span word="passwords">passwords</span> 电脑密码 <span word="Speak">Speak</span>, <span word="friend">friend</span>, <span word="and">and</span> <span word="enter">enter</span> 说,朋友和进入 <span word="Computer">Computer</span> <span word="passwords">passwords</span> <span word="need">need</span> <span word="to">to</span> <span word="be">be</span> <span word="memorable">memorable</span> <span word="andsecure">andsecure</span>. 电脑密码须具备两个特性:易记及难猜。 <span word="Most">Most</span> <span word="people">people</span> <span word="s">s</span> <span word="are">are</span> <span word="the">the</span> <span word="first">first</span> <span word="but">but</span> <span word="not">not</span> <span word="the">the</span> <span word="second">second</span>. 但是大部分人的密码只注重了前者却忽略了后者。 <span word="Researchers">Researchers</span> <span word="are">are</span> <span word="trying">trying</span> <span word="to">to</span> <span word="make">make</span> <span word="it">it</span> <span word="easier">easier</span> <span word="for">for</span> <span word="them">them</span> <span word="to">to</span> <span word="be">be</span> <span word="both">both</span> 研究人员正努力让两者兼而有之变得更以实现。 <span word="PASSWORDS">PASSWORDS</span> <span word="are">are</span> <span word="ubiquitous">ubiquitous</span> <span word="in">in</span> <span word="computer">computer</span> <span word="security">security</span>. 密码在电脑安全领域的应用相当普遍。 <span word="All">All</span> <span word="too">too</span> <span word="often">often</span>, <span word="they">they</span> <span word="are">are</span> <span word="also">also</span> <span word="ineffective">ineffective</span>. 但他们往往没起什么作用。 <span word="A">A</span> <span word="good">good</span> <span word="password">password</span> <span word="has">has</span> <span word="to">to</span> <span word="be">be</span> <span word="both">both</span> <span word="easy">easy</span> <span word="to">to</span> <span word="remember">remember</span> <span word="and">and</span> <span word="hard">hard</span> <span word="to">to</span> <span word="guess">guess</span>, <span word="but">but</span> <span word="in">in</span> <span word="practice">practice</span> <span word="peopleseem">peopleseem</span> <span word="to">to</span> <span word="plump">plump</span> <span word="for">for</span> <span word="the">the</span> <span word="former">former</span> <span word="over">over</span> <span word="the">the</span> <span word="latter">latter</span>. 一个好密码必须具备易记及难猜两个特征,而实际上人们好像只注意到了前者而忽略了后者。 <span word="Names">Names</span> <span word="of">of</span> <span word="wives">wives</span>, <span word="husbands">husbands</span> <span word="and">and</span> <span word="children">children</span> <span word="are">are</span> <span word="popular">popular</span>. 以妻子,丈夫或孩子的名字作为密码的人大有人在。 <span word="Some">Some</span> <span word="take">take</span> <span word="simplicity">simplicity</span> <span word="to">to</span> <span word="extremes">extremes</span>: <span word="one">one</span> <span word="former">former</span> <span word="deputy">deputy</span> <span word="editor">editor</span> <span word="of">of</span> <span word="The">The</span> <span word="Economist">Economist</span> <span word="used">used</span> <span word="z">z</span> <span word="formany">formany</span> <span word="years">years</span>. 有些人的密码简单到了极点:<span word="The">The</span> <span word="Economist">Economist</span>的一位前副主编多年来一直用<span word="Z">Z</span>作密码。 <span word="And">And</span> <span word="when">when</span> <span word="hackers">hackers</span> <span word="stole">stole</span> 32<span word="m">m</span> <span word="passwords">passwords</span> <span word="from">from</span> <span word="a">a</span> <span word="social">social</span>-<span word="gaming">gaming</span> <span word="website">website</span> <span word="called">called</span> <span word="RockYou">RockYou</span>, <span word="itemerged">itemerged</span> <span word="that">that</span> 1.1% <span word="of">of</span> <span word="the">the</span> <span word="site">site</span> <span word="s">s</span> <span word="users">users</span>365,000 <span word="peoplehad">peoplehad</span> <span word="opted">opted</span> <span word="either">either</span> <span word="for">for</span> 123456 <span word="or">or</span> <span word="for">for</span>12345. 当黑客在社交游戏网站盗取了3200万用户的密码后,人们才发现原来这个网站大约1.1%的用户-也就是365,000人-选择了12345或123456作为密码。 <span word="That">That</span> <span word="predictability">predictability</span> <span word="lets">lets</span> <span word="security">security</span> <span word="researchers">researchers</span> <span word="create">create</span> <span word="dictionaries">dictionaries</span> <span word="which">which</span> <span word="list">list</span> <span word="commonpasswords">commonpasswords</span>, <span word="a">a</span> <span word="boon">boon</span> <span word="to">to</span> <span word="those">those</span> <span word="seeking">seeking</span> <span word="to">to</span> <span word="break">break</span> <span word="in">in</span>. 安全性研究人员于是根据密码的这种可预见性编制了一些罗列处各种常见密码的字典,这对那些有志于破解他人密码的人来说可说是找到了福音。 <span word="But">But</span> <span word="although">although</span> <span word="researchers">researchers</span> <span word="know">know</span> <span word="that">that</span> <span word="passwords">passwords</span> <span word="are">are</span> <span word="insecure">insecure</span>, <span word="working">working</span> <span word="out">out</span> <span word="just">just</span> <span word="how">how</span> <span word="insecurehas">insecurehas</span> <span word="been">been</span> <span word="difficult">difficult</span>. 但即使研究人员已经知道了密码不安全,要确切地给出个不安全系数却是很困难的。 <span word="Many">Many</span> <span word="studies">studies</span> <span word="have">have</span> <span word="only">only</span> <span word="small">small</span> <span word="samples">samples</span> <span word="to">to</span> <span word="work">work</span> <span word="ona">ona</span> <span word="few">few</span> <span word="thousand">thousand</span> <span word="passwords">passwords</span> <span word="at">at</span> <span word="most">most</span>. 许多研究项目的对象只有一小块样本-最多只有几千个密码。 <span word="Hacked">Hacked</span> <span word="websites">websites</span> <span word="such">such</span> <span word="as">as</span> <span word="RockYou">RockYou</span> <span word="have">have</span> <span word="provided">provided</span> <span word="longer">longer</span> <span word="lists">lists</span>, <span word="but">but</span> <span word="there">there</span> <span word="are">are</span> <span word="ethical">ethical</span> <span word="problemswith">problemswith</span> <span word="using">using</span> <span word="hacked">hacked</span> <span word="information">information</span>, <span word="and">and</span> <span word="its">its</span> <span word="availability">availability</span> <span word="is">is</span> <span word="unpredictable">unpredictable</span>. 像<span word="Rockyou">Rockyou</span>这样被黑的网站能够提供更多的密码,但使用黑客盗取的密码不仅会引发道德问题上的争议,其可行性也是未知的。 <span word="However">However</span>, <span word="a">a</span> <span word="paper">paper</span> <span word="to">to</span> <span word="be">be</span> <span word="presented">presented</span> <span word="at">at</span> <span word="a">a</span> <span word="security">security</span> <span word="conference">conference</span> <span word="held">held</span> <span word="under">under</span> <span word="the">the</span> <span word="auspices">auspices</span> <span word="of">of</span> <span word="theInstitute">theInstitute</span> <span word="of">of</span> <span word="Electrical">Electrical</span> <span word="and">and</span> <span word="Electronics">Electronics</span> <span word="Engineers">Engineers</span>, <span word="a">a</span> <span word="New">New</span> <span word="York">York</span>-<span word="based">based</span> <span word="professional">professional</span> <span word="body">body</span>, <span word="inMay">inMay</span>, <span word="sheds">sheds</span> <span word="some">some</span> <span word="light">light</span>. 然而,在五月份由总部位于纽约的一个专业组织-电气电子协会支持下召开了一场安全性研讨会议,会上公布的一份文件让我们看到了解决这个难题的一丝曙光。 <span word="With">With</span> <span word="the">the</span> <span word="co">co</span>-<span word="operation">operation</span> <span word="of">of</span> <span word="Yahoo">Yahoo</span>!, <span word="a">a</span> <span word="large">large</span> <span word="internet">internet</span> <span word="company">company</span>, <span word="Joseph">Joseph</span> <span word="Bonneau">Bonneau</span> <span word="of">of</span> <span word="CambridgeUniversity">CambridgeUniversity</span> <span word="obtained">obtained</span> <span word="the">the</span> <span word="biggest">biggest</span> <span word="sample">sample</span> <span word="to">to</span> <span word="date">date</span>70<span word="m">m</span> <span word="passwords">passwords</span> <span word="that">that</span>, <span word="though">though</span> <span word="anonymised">anonymised</span>,<span word="came">came</span> <span word="with">with</span> <span word="useful">useful</span> <span word="demographic">demographic</span> <span word="data">data</span> <span word="about">about</span> <span word="their">their</span> <span word="owners">owners</span>. 在一家大型网络公司-雅虎的协助下,剑桥大学的<span word="Joseph">Joseph</span> <span word="Bonneau">Bonneau</span>得到了一份迄今为止最大的研究样本,虽然是匿名的,但是包含了其用户极为有用的人口学数据。 <span word="Mr">Mr</span> <span word="Bonneau">Bonneau</span> <span word="found">found</span> <span word="some">some</span> <span word="intriguing">intriguing</span> <span word="variations">variations</span>. 在这份样本中<span word="Mr">Mr</span> <span word="Bonneau">Bonneau</span>发现了一些有趣的差异。 <span word="Older">Older</span> <span word="users">users</span> <span word="had">had</span> <span word="better">better</span> <span word="passwords">passwords</span> <span word="than">than</span> <span word="young">young</span> <span word="ones">ones</span>. 相较于年轻用户,老用户设置的用户更好。 <span word="People">People</span> <span word="whose">whose</span> <span word="preferred">preferred</span> <span word="language">language</span> <span word="was">was</span> <span word="Korean">Korean</span> <span word="or">or</span> <span word="German">German</span> <span word="chose">chose</span> <span word="the">the</span> <span word="most">most</span> <span word="secure">secure</span> <span word="passwords">passwords</span>;<span word="those">those</span> <span word="who">who</span> <span word="spoke">spoke</span> <span word="Indonesian">Indonesian</span> <span word="the">the</span> <span word="least">least</span>. 母语为韩语或德语的用户所设置的密码安全系数最高,而说印尼语的最低。 <span word="Passwords">Passwords</span> <span word="designed">designed</span> <span word="to">to</span> <span word="hide">hide</span> <span word="sensitive">sensitive</span> <span word="information">information</span> <span word="such">such</span> <span word="as">as</span> <span word="credit">credit</span>-<span word="card">card</span> <span word="numbers">numbers</span> <span word="were">were</span> <span word="onlyslightly">onlyslightly</span> <span word="more">more</span> <span word="secure">secure</span> <span word="than">than</span> <span word="those">those</span> <span word="protecting">protecting</span> <span word="less">less</span> <span word="important">important</span> <span word="things">things</span>, <span word="like">like</span> <span word="access">access</span> <span word="to">to</span> <span word="games">games</span>. 被设置用来隐藏像信用卡卡号这样的敏感信息的密码,相比较于另外一些保护游戏登录入口这样不那么重要的信息所设置的密码,其安全性高不了多少。 <span word="Nag">Nag</span> <span word="screens">screens</span> <span word="that">that</span> <span word="told">told</span> <span word="users">users</span> <span word="they">they</span> <span word="had">had</span> <span word="chosen">chosen</span> <span word="a">a</span> <span word="weak">weak</span> <span word="password">password</span> <span word="made">made</span> <span word="virtually">virtually</span> <span word="no">no</span> <span word="difference">difference</span>. 那些提醒用户设置的密码安全性较低的唠叨屏幕其实没有什么作用。 <span word="And">And</span> <span word="users">users</span> <span word="whose">whose</span> <span word="accounts">accounts</span> <span word="had">had</span> <span word="been">been</span> <span word="hacked">hacked</span> <span word="in">in</span> <span word="the">the</span> <span word="past">past</span> <span word="did">did</span> <span word="not">not</span> <span word="make">make</span> <span word="dramatically">dramatically</span> <span word="moresecure">moresecure</span> <span word="choices">choices</span> <span word="than">than</span> <span word="those">those</span> <span word="who">who</span> <span word="had">had</span> <span word="never">never</span> <span word="been">been</span> <span word="hacked">hacked</span>. 相对于那些从没被黑过的,有过账户被黑经验的用户的安全防范意识也并没得到显著提高。 <span word="But">But</span> <span word="it">it</span> <span word="is">is</span> <span word="the">the</span> <span word="broader">broader</span> <span word="analysis">analysis</span> <span word="of">of</span> <span word="the">the</span> <span word="sample">sample</span> <span word="that">that</span> <span word="is">is</span> <span word="of">of</span> <span word="most">most</span> <span word="interest">interest</span> <span word="to">to</span> <span word="security">security</span> <span word="researchers">researchers</span>. 但是,对研究样本进行更为综合性的分析才是安全性研究人员的兴趣所在。 <span word="For">For</span>, <span word="despite">despite</span> <span word="their">their</span> <span word="differences">differences</span>, <span word="the">the</span> 70<span word="m">m</span> <span word="users">users</span> <span word="were">were</span> <span word="still">still</span> <span word="predictable">predictable</span> <span word="enough">enough</span> <span word="that">that</span> <span word="a">a</span> <span word="genericpassword">genericpassword</span> <span word="dictionary">dictionary</span> <span word="was">was</span> <span word="effective">effective</span> <span word="against">against</span> <span word="both">both</span> <span word="the">the</span> <span word="entire">entire</span> <span word="sample">sample</span> <span word="and">and</span> <span word="any">any</span> <span word="demographicallyorganised">demographicallyorganised</span> <span word="slice">slice</span> <span word="of">of</span> <span word="it">it</span>. 因为尽管存在各种差异,但是通过分析样本中那7000万用户的资料还是可以预见到,一部通用的密码暴力破解字典就能够有效应付这一整个样本,或者任何根据某项人口学特征而从中抽取的一小块资料。 <span word="Mr">Mr</span> <span word="Bonneau">Bonneau</span> <span word="is">is</span> <span word="blunt">blunt</span>: <span word="An">An</span> <span word="attacker">attacker</span> <span word="who">who</span> <span word="can">can</span> <span word="manage">manage</span> <span word="ten">ten</span> <span word="guesses">guesses</span> <span word="per">per</span> <span word="accountwillcompromise">accountwillcompromise</span> <span word="around">around</span> 1% <span word="of">of</span> <span word="accounts">accounts</span>. <span word="Mr">Mr</span> <span word="Bonneau">Bonneau</span>直言不讳地说:只要每个账号给破解者10次猜测密码的机会...会有大约1%的密码被破解。 <span word="And">And</span> <span word="that">that</span>, <span word="from">from</span> <span word="the">the</span> <span word="hacker">hacker</span> <span word="s">s</span> <span word="point">point</span> <span word="of">of</span> <span word="view">view</span>, <span word="is">is</span> <span word="a">a</span> <span word="worthwhile">worthwhile</span> <span word="outcome">outcome</span>. 这在黑客看来绝对值得一试。 <span word="One">One</span> <span word="obvious">obvious</span> <span word="answer">answer</span> <span word="would">would</span> <span word="be">be</span> <span word="for">for</span> <span word="sites">sites</span> <span word="to">to</span> <span word="limit">limit</span> <span word="the">the</span> <span word="number">number</span> <span word="of">of</span> <span word="guesses">guesses</span> <span word="that">that</span> <span word="can">can</span> <span word="be">be</span> <span word="madebefore">madebefore</span> <span word="access">access</span> <span word="is">is</span> <span word="blocked">blocked</span>, <span word="as">as</span> <span word="cash">cash</span> <span word="machines">machines</span> <span word="do">do</span>. 对网站而言,很显然,他们可以在系统上进行类似于<span word="ATM">ATM</span>机的设置:一旦密码输入错误次数达到规定者,即封锁登录入口。 <span word="Yet">Yet</span> <span word="whereas">whereas</span> <span word="the">the</span> <span word="biggest">biggest</span> <span word="sites">sites</span>, <span word="such">such</span> <span word="as">as</span> <span word="Google">Google</span> <span word="and">and</span> <span word="Microsoft">Microsoft</span>, <span word="do">do</span> <span word="take">take</span> <span word="such">such</span> <span word="measures">measures</span>,<span word="many">many</span> <span word="donot">donot</span>. 然而,只有谷歌、微软这样的大型网站采取了类似的措施,很多其他网站对此不以为意。 <span word="A">A</span> <span word="sample">sample</span> <span word="of">of</span> 150 <span word="big">big</span> <span word="websites">websites</span> <span word="examined">examined</span> <span word="in">in</span> 2010 <span word="by">by</span> <span word="Mr">Mr</span> <span word="Bonneau">Bonneau</span> <span word="and">and</span> <span word="his">his</span> <span word="colleague">colleague</span> <span word="SrenPreibusch">SrenPreibusch</span> <span word="found">found</span> <span word="that">that</span> 126 <span word="made">made</span> <span word="no">no</span> <span word="attempt">attempt</span> <span word="to">to</span> <span word="limit">limit</span> <span word="guessing">guessing</span>. 在2010年,<span word="Mr">Mr</span> <span word="Bonneau">Bonneau</span>和他的同事<span word="Sren">Sren</span> <span word="Preibusch">Preibusch</span>曾对一份囊括了150家大型网站的样本做过调查,结果显示其中126家并没有对密码输入错误次数作出限制。 <span word="How">How</span> <span word="this">this</span> <span word="state">state</span> <span word="of">of</span> <span word="affairs">affairs</span> <span word="arose">arose</span> <span word="is">is</span> <span word="obscure">obscure</span>. 这种状况的状况的出现实在是令人费解。</p>
页:
[1]