Kali's built-in user password dictionary
Passwords are one of the most common ways we access our digital accounts. Having secure passwords is crucial and represents one of the most important aspects that we need to pay attention to. As developers, we also need to make sure that we provide our services with a high level of security.
In 2017, the NIST (National Institute of Standards and Technology) recommended checking user passwords against existing public breaches of data. Fortunately, there exists an API that allows you to do that really easily.
The Pwned Passwords API is a service that you can use to check whether a password has been exposed as part of a number of data breaches that have occurred in the past. This data contains more than 500 million passwords that have been used before.
You can install this in your Ruby applications using the following gem as a wrapper: gem 'pwned'.
After you have installed it, you can create a new Pwned::Password object and then check if it has been breached:
You can also check how many times the password appears in the dataset:
Because you may be using this service as part of the sign-up process, you should also account for the service sometimes being unavailable.
You can also make this API call a lot easier using the following:
Most of the time, you only care if the password has been pwned before or not. You can use simplified accessors to check whether the password has been pwned or how many times it was pwned:
You can also validate your models:
You can even set a threshold that you believe should be used to warn a user about a password that has been breached. For example, you may think that a password that has appeared only two times is not a problem:
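The checks described above (breach lookup, appearance count, an unavailable service, and a threshold), as an added Ruby example that is not from the original article and is not the pwned gem's own code. It goes one step beyond the gem wrapper to show the Pwned Passwords range lookup itself, in which only the first five hex characters of the password's SHA-1 digest leave your server; the function names, the stub fetcher and its counts are constructed for illustration.

```ruby
require "digest"
require "net/http"

# Range endpoint of the Pwned Passwords API (k-anonymity lookup).
RANGE_URL = "https://api.pwnedpasswords.com/range/"
# Default fetcher: sends only the 5-character hash prefix, never the password.
LIVE_FETCH = ->(prefix) { Net::HTTP.get(URI(RANGE_URL + prefix)) }

# Parse a range response ("SUFFIX:COUNT" per line) and return how many times
# this password appears, or 0 when its hash suffix is not listed.
def breach_count(password, fetch: LIVE_FETCH)
  digest = Digest::SHA1.hexdigest(password).upcase
  prefix, suffix = digest[0, 5], digest[5..-1]
  fetch.call(prefix).each_line do |line|
    candidate, count = line.strip.split(":", 2)
    return count.to_i if candidate&.upcase == suffix
  end
  0
end

# Sign-up decision: allow when the count does not exceed the threshold.
# If the lookup fails, on_error decides: :allow keeps sign-up working,
# :reject fails closed.
def password_allowed?(password, threshold: 0, on_error: :allow, fetch: LIVE_FETCH)
  breach_count(password, fetch: fetch) <= threshold
rescue StandardError
  on_error == :allow
end

# Constructed sample data: builds a local range response, no network involved.
def stub_fetch(known)
  lambda do |prefix|
    known.map { |pw, n| [Digest::SHA1.hexdigest(pw).upcase, n] }
         .select { |hex, _| hex.start_with?(prefix) }
         .map { |hex, n| "#{hex[5..-1]}:#{n}" }.join("\r\n")
  end
end

if __FILE__ == $PROGRAM_NAME
  fetch = stub_fetch("password" => 1234, "rare-phrase-2" => 2) # constructed counts
  puts breach_count("password", fetch: fetch)
  puts password_allowed?("rare-phrase-2", threshold: 2, fetch: fetch)
  outage = ->(_prefix) { raise IOError, "service unavailable" }
  puts password_allowed?("anything", on_error: :reject, fetch: outage)
end
```

Whether to allow or reject during an outage is a policy choice: allowing keeps registration available, rejecting guarantees no breached password is accepted unchecked.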
If you are using Devise for your authentication, there is another gem prepared specifically for this. You can learn more about this gem and its implementation by visiting its GitHub page.