/**
获取随机密码
date的格式是年月日yymmdd,privatyKey为10位左右的字母数字组合串
1.需要返回8位纯数字
2.须使用date,privatyKey来生成
3.每次调用都是随机生成的(在date、privatyKey相同的情况下,返回的结果也要不同),尽量保证低重复率
**/
getPassword(date,privatyKey){
}
/**
检测密码
getPassword生成的密码可以通过检测,随便输入的密码通不过检测
**/
checkPassword(date,privatyKey,password){
}
有什么合适的算法?
ringa_lee2017-04-18 10:54:04
1. 从date和privateKey生成一个单向函数,如 `f(num) = SHA256(num ++ date ++ privateKey)` (++表示字符串拼接)
2. 随机生成一个3位数字a, 计算 `b = f(a)`
3. 取 `c = b中的前5位数字`, 返回 `a ++ c`The unavoidable problem: There are too few things that can be stored in an 8-digit number (1e8 或 2^30).
So this method is almost completely resistant to exhaustion. The attacker only needs to fix the first 3 bits and exhaust the last 5 bits.
When using it, the algorithm itself must be kept secret, or restrictions such as the number of attempts must be added.
A variant that slightly increases the difficulty of exhaustion:
2. 第一次生成时返回f(1)的前8位数字 第二次生成时返回f(2)的前8位, ...
3. 检验时生成f(1) ~ f(100),检查输入是否属于这个集合
伊谢尔伦2017-04-18 10:54:04
You can use a ready-made hash function (such as sha256) to act on (date, pkey). The result is generally much more than 8 digits of pure numerical information. Divide this information into small pieces and return one piece randomly.
getpass(date, pkey) {
passwords[10] = sha256(date, pkey);
return passwords[random(1,10)];
}
checkpass(date, pkey, pass) {
passwords[10] = sha256(date, pkey);
return (pass in passwords);
}
天蓬老师2017-04-18 10:54:04
If you want to return different results every time, you can use TripleDes
But the result can only be an 8-digit pure number, which is enough
