我想避免存储我的密码列表,而是使用公开可见的 MATLAB 函数可靠地重新生成它们。该函数采用一个未存储在任何地方的密钥来设置随机数生成器的种子。
这是在我需要时重新生成帐户密码的安全方法吗?我所说的安全是指,它比知道我的密钥是什么的人更容易受到攻击吗?
% Start with a blank slate
clear all
clc
% {url, #symbols, #upper, #lower, #numbers}
accounts = { ...
'www.foo.com', [3,3,3,3]; ...
'www.bar.com', [0,4,4,4]; ...
'www.box.com', [0,2,3,2]; ...
};
key = input('Secret Key: ', 's');
acc = input('Account Name (URL): ', 's');
% Clear display immediately
clc
% Allowed characters
s = { ...
'@#$%&*=+'; ... % symbols
'ABCDEFGHJKMNPQRSTUVWXYZ'; ... % upper
'abcdefghjkmnpqrstuvwxyz'; ... % lower
'123456789' }; % numbers
% Find matching accounts
idx = strfind(accounts(:,1), acc);
% Generate password for each matching account
for j = 1:length(idx)
if isempty(idx{j})
% Skip if there is no matching account
continue
end
% Salted random number generator seed
rng(sum([key, ': ', accounts{j,1}]), 'twister');
ns = accounts{j,2};
n = sum(ns);
% Construct password
p = '';
for k = 1:length(s)
v = s{k};
p = [p v(randi(length(v),1,ns(k)))];
end
p = p(randperm(n));
fprintf('Password for %s is %s\n', accounts{j,1}, p)
end
% Clear all variables for safety
clear all
例如,我上面的原型导致
Password for www.foo.com is q*PZry4@8%3F
Password for www.bar.com is 8nZ8NWa6C8am
Password for www.box.com is wUw3Bn9
每次我使用输入运行我的 MATLAB 代码时:
Secret Key: MySecretKey
Account Name (URL): www