将GUID的一部分用作随机密码是否存在安全风险? [英] Is it a security risk to use parts of GUID as a random passwords?

问题描述

当用户在我的Web应用程序中创建帐户时，我会生成一个GUID，并使用前8个字符作为密码，然后通过电子邮件发送.

When users create an account in my web application, I generate a GUID and use the first 8 characters as their password which is then sent via email.

使用GUID作为密码时是否存在安全隐患?我看了一个问题 Are GUIDs good passwords? ，但是这个问题与个人密码有关不是随机/生成的密码.理想情况下，用户可以根据需要登录并更改密码.

Is there a security risk I am overlooking in using GUIDs as passwords? I've taken a look at the questionAre GUIDs good passwords?, but that question pertains to personal passwords not random/generated passwords. Ideally, users will login and change their password if they want to.

推荐答案

使用GUID作为密码是一个非常糟糕的主意. GUID以非常可预测且定义明确的方式生成.换句话说，只要有足够的信息，攻击者就可以预测其他用户的密码.

Using GUIDs as passwords is a very bad idea. GUIDs are generated in a very predictable and well defined manner. Or in other words given enough information it would allow an attacker to predict the passwords of other users.

可预测且定义明确的密码生成器与您想要的完全相反.

Predictable and well defined is the exact opposite of what you want in a password generator.

这篇关于将GUID的一部分用作随机密码是否存在安全风险?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！