GUID是好的密码吗? [英] Are GUIDs good passwords?

问题描述

优点:

1. 我还是不记得好"密码 ，所以记住它们不是问题.
2. 它们看起来不像密码
3. 它们几乎无法猜测(128位熵)
4. 易于生成(减轻了良好的PRNG"问题)

缺点:

1. ???

尤其是；对于计算机输入的密码，例如在某些设置上的数据库登录，该怎么办?

In particular; what about for passwords that computers enter like for databases logins on some setups.

推荐答案

一个主要的缺点是，您不一定具有原始问题中所述的"128位熵".

One major con is that you don't necessarily have "128 bits of entropy" as stated in the original question.

许多GUID算法都以可预测的模式嵌入信息，例如计算机的MAC地址，日期/时间或递增顺序. WinAPI GUID的密码分析显示，给定初始状态，就可以预测UuidCreate函数返回的下一个25万个GUID.

Many GUID Algorithms have information embedded in them in predictable patterns, for example the MAC address of the computer, the date/time, or an incrementing sequence. Cryptanalysis of the WinAPI GUID has shown given the initial state one can predict up to next 250,000 GUIDs returned by the function UuidCreate

例如，我大概有50％的机会猜测第三组数字的第一位的第一位数字，因为它是1(对于V1引导)或4(对于V4引导)

For example, I have about a 50% chance of guessing the first digit in the first position of the third group of digits since it will be either 1 (for V1 guids) or 4 (for V4 guids)

来源: http://en.wikipedia.org/wiki/Globally_Unique_Identifier

这篇关于GUID是好的密码吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！