Momwe mungaletsere passwords wamba ndikupangitsa kuti aliyense azidana nanu

Munthu, monga mukudziwa, ndi cholengedwa chaulesi.
Ndipo makamaka pankhani yosankha mawu achinsinsi amphamvu.

Ndikuganiza kuti woyang'anira aliyense adakumanapo ndi vuto logwiritsa ntchito mawu achinsinsi opepuka komanso okhazikika. Chodabwitsa ichi nthawi zambiri chimapezeka pakati pa otsogolera makampani. Inde, inde, makamaka pakati pa omwe ali ndi zidziwitso zachinsinsi kapena zamalonda ndipo sikungakhale koyenera kuthetsa zotsatira za kutulutsa mawu achinsinsi / kubera ndi zina.

M'zochita zanga, panali vuto pomwe, mu Active Directory domain yokhala ndi mawu achinsinsi omwe adathandizidwa, owerengera ndalama adafika pamalingaliro oti mawu achinsinsi ngati "Pas$w0rd1234" amagwirizana bwino ndi zomwe akufuna. Zotsatira zake zinali kufala kwa mawu achinsinsi amenewa kulikonse. Nthawi zina ankangosiyana manambala ake.

Ndinkafuna kuti ndithe osati kuloleza mawu achinsinsi ndi kutanthauzira zilembo, komanso kusefa ndi mtanthauzira mawu. Kupatula mwayi wogwiritsa ntchito mawu achinsinsi otere.

Microsoft imatiuza mokoma mtima kudzera pa ulalo kuti aliyense amene amadziwa kuyika compiler, IDE molondola m'manja mwake ndipo amadziwa kutchula C ++ molondola, amatha kupanga laibulale yomwe amafunikira ndikuigwiritsa ntchito molingana ndi kumvetsetsa kwawo. Wantchito wanu wodzichepetsa sangathe kuchita izi, choncho ndinayenera kuyang'ana njira yokonzekera.

Pambuyo pa ola lalitali lofufuza, njira ziwiri zothetsera vutoli zidawululidwa. Inde, ndikulankhula za yankho la OpenSource. Kupatula apo, pali zosankha zolipira - kuyambira koyambira mpaka kumapeto.

Njira yachiwiri. OpenPasswordFilter

Sipanakhalepo ntchito kwa zaka pafupifupi 2. Woyikira mbadwa amagwira ntchito nthawi ndi nthawi, muyenera kukonza pamanja. Imapanga ntchito zakezake zosiyana. Mukakonza fayilo yachinsinsi, DLL simangotenga zomwe zasinthidwa; muyenera kuyimitsa ntchitoyo, dikirani nthawi yopuma, sinthani fayilo, ndikuyamba ntchitoyo.

Palibe ayezi!

Njira yachiwiri. Chithunzi cha PassFiltEx

Ntchitoyi ikugwira ntchito, yamoyo ndipo palibe chifukwa chowombera thupi lozizira.
Kuyika fyuluta kumaphatikizapo kukopera mafayilo awiri ndikupanga zolemba zingapo zolembera. Fayilo yachinsinsi ilibe loko, ndiko kuti, ikupezeka kuti isinthidwe ndipo, malinga ndi lingaliro la wolemba pulojekitiyi, imawerengedwa kamodzi pamphindi. Komanso, pogwiritsa ntchito zolembera zowonjezera, mutha kupititsa patsogolo zonse zosefera zokha komanso ma nuances achinsinsi.

Kotero
Zaperekedwa: Active Directory domain test.local
Windows 8.1 test workstation (yosafunikira pa cholinga cha vuto)
Zosefera zachinsinsi PassFiltEx

• Tsitsani kutulutsa kwaposachedwa kuchokera pa ulalo Chithunzi cha PassFiltEx
• Koperani PassFiltEx.dll в C: WindowsSystem32 (kapena %SystemRoot%System32).
  Koperani PassFiltExBlacklist.txt в C: WindowsSystem32 (kapena %SystemRoot%System32). Ngati ndi kotheka, timawonjezera ndi ma template athu
  
• Kusintha nthambi ya registry: HKLMSYSTEMCurrentControlSetControlLsa => Zidziwitso Phukusi
  Onjezani Chithunzi cha PassFiltEx mpaka kumapeto kwa ndandanda. (Kuwonjezako sikuyenera kufotokozedwa.) Mndandanda wathunthu wa mapaketi omwe amagwiritsidwa ntchito posanthula uwoneka motere "rassfm scecli PassFiltEx".
  
• Yambitsaninso domain controller.
• Timabwereza ndondomeko yomwe ili pamwambayi kwa olamulira onse.

Mukhozanso kuwonjezera zolembera zotsatirazi, zomwe zimakupatsani kusinthasintha kogwiritsa ntchito fyuluta iyi:

Mutu: HKLMSOFTWAREPassFiltEx - amapangidwa zokha.

• HKLMSOFTWAREPassFiltExBlacklistFileName, REG_SZ, Zofikira: PassFiltExBlacklist.txt

  BlacklistFileName - imakupatsani mwayi wofotokozera njira yopita ku fayilo yokhala ndi ma templates achinsinsi. Ngati cholembera ichi chilibe kanthu kapena kulibe, ndiye kuti njira yokhazikika imagwiritsidwa ntchito, yomwe ndi - %SystemRoot%System32. Mutha kufotokozeranso njira ya netiweki, KOMA muyenera kukumbukira kuti fayilo ya template iyenera kukhala ndi zilolezo zomveka zowerengera, kulemba, kufufuta, kusintha.

• HKLMSOFTWAREPassFiltExTokenPercentageOfPassword, REG_DWORD, Zofikira: 60

  TokenPercentageOfPassword - imakupatsani mwayi wofotokozera kuchuluka kwa chigoba mu mawu achinsinsi atsopano. Mtengo wokhazikika ndi 60%. Mwachitsanzo, ngati chiwerengero cha zochitika ndi 60 ndipo chingwe cha starwars chili mu fayilo ya template, ndiye mawu achinsinsi. Nyenyezi 1! adzakanidwa pamene achinsinsi nyenyezi1!DarthVader88 adzavomerezedwa chifukwa kuchuluka kwa chingwe mu mawu achinsinsi ndi ochepera 60%

• HKLMSOFTWAREPassFiltExRequireCharClasses, REG_DWORD, Zofikira: 0

  RequireCharClasses - imakulolani kuti muwonjezere zofunikira zachinsinsi poyerekeza ndi zofunikira zachinsinsi za ActiveDirectory. Zofunikira zomangika zimafunikira 3 mwa mitundu isanu yamitundu yosiyanasiyana: Makalata Aakulu, Ocheperako, Digiti, Wapadera, ndi Unicode. Pogwiritsa ntchito cholembera ichi, mutha kukhazikitsa zofunikira zanu zachinsinsi. Mtengo womwe ungatchulidwe ndi seti ya ma bits, iliyonse yomwe ili ndi mphamvu yofananira ya ziwiri.
  Ndiko kuti - 1 = zilembo zazing'ono, 2 = zilembo zazikulu, 4 = manambala, 8 = zilembo zapadera, ndi 16 = zilembo za Unicode.
  Chifukwa chake ndi mtengo wa 7 zofunikira zitha kukhala "Upper Case" AND zilembo zazing'ono AND manambala", komanso mtengo wa 31 - "Zapamwamba AND chochepa AND chiwerengero AND chizindikiro chapadera AND Unicode character."
  Mutha kuphatikiza - 19 = "Zapamwamba AND chochepa AND Unicode character."

• 

Malamulo angapo popanga fayilo ya template:

• Ma templates ndi osakhudzidwa. Chifukwa chake, tsegulani fayilo nyenyezi za nyenyezi и Zithunzi za StarWarS zidzatsimikiziridwa kukhala mtengo womwewo.
• Fayilo ya blacklist imawerengedwanso masekondi 60 aliwonse, kotero mutha kuyisintha mosavuta; pakatha mphindi imodzi, deta yatsopano idzagwiritsidwa ntchito ndi fyuluta.
• Pakadali pano palibe chithandizo cha Unicode pakufananitsa mapatani. Ndiye kuti, mutha kugwiritsa ntchito zilembo za Unicode pama password, koma zosefera sizigwira ntchito. Izi sizofunikira, chifukwa sindinawone ogwiritsa ntchito mawu achinsinsi a Unicode.
• Ndikoyenera kuti musalole mizere yopanda kanthu mufayilo ya template. Mu debug mutha kuwona cholakwika mukatsitsa deta kuchokera pafayilo. Zosefera zimagwira ntchito, koma bwanji zopatula zina?

Pochotsa zolakwika, zosungidwazo zimakhala ndi mafayilo a batch omwe amakulolani kuti mupange chipika ndikuchigawa pogwiritsa ntchito, mwachitsanzo, Microsoft Message Analyzer.
Zosefera zachinsinsizi zimagwiritsa ntchito Kutsata Zochitika pa Windows.

Wopereka ETW wa fyuluta yachinsinsiyi ndi 07d83223-7594-4852-babc-784803fdf6c5. Chifukwa chake, mwachitsanzo, mutha kukonza zotsatizana pambuyo poyambitsanso zotsatirazi:
logman create trace autosessionPassFiltEx -o %SystemRoot%DebugPassFiltEx.etl -p "{07d83223-7594-4852-babc-784803fdf6c5}" 0xFFFFFFFF -ets

Kutsata kudzayamba pambuyo poyambitsanso dongosolo lotsatira. Kuyimitsa:
logman stop PassFiltEx -ets && logman delete autosessionPassFiltEx -ets
Malamulo onsewa afotokozedwa m'malemba StartTracingAtBoot.cmd и StopTracingAtBoot.cmd.

Kuti muwone nthawi imodzi ya ntchito ya fyuluta, mungagwiritse ntchito StartTracing.cmd и StopTracing.cmd.
Kuti muwerenge mosavuta kutha kwa zosefera izi Microsoft Message Analyzer Ndibwino kugwiritsa ntchito zoikamo zotsatirazi:

Poyimitsa mitengo ndikulowa Microsoft Message Analyzer zonse zikuwoneka motere:

Apa mutha kuwona kuti panali kuyesa kukhazikitsa mawu achinsinsi kwa wogwiritsa ntchito - mawu amatsenga amatiuza izi Ikani mu debug. Ndipo mawu achinsinsi anakanidwa chifukwa cha kupezeka kwake mu fayilo ya template ndi machesi oposa 30% m'malemba omwe adalowa.

Ngati kuyesa kusintha mawu achinsinsi kutheka, tikuwona zotsatirazi:

Pali zovuta zina kwa wogwiritsa ntchito. Mukayesa kusintha mawu achinsinsi omwe akuphatikizidwa pamndandanda wa fayilo ya ma templates, uthenga womwe uli pawindo suli wosiyana ndi uthenga wokhazikika pamene ndondomeko yachinsinsi sichidutsa.

Chifukwa chake, khalani okonzekera kuyimba ndi kufuula: "Ndalemba mawu achinsinsi molondola, koma sizikugwira ntchito."

Zotsatira.

Laibulale iyi imakupatsani mwayi woletsa kugwiritsa ntchito mawu achinsinsi osavuta kapena odziwika mu Active Directory domain. Tinene kuti "Ayi!" mawu achinsinsi monga: “P@ssw0rd”, “Qwerty123”, “ADm1n098”.
Inde, ndithudi, ogwiritsa ntchito adzakukondani kwambiri chifukwa chosamalira chitetezo chawo komanso kufunikira kokhala ndi mawu achinsinsi okhudza maganizo. Ndipo, mwinamwake, chiwerengero cha mafoni ndi zopempha thandizo ndi achinsinsi anu adzachuluka. Koma chitetezo chimabwera pamtengo.

Maulalo kuzinthu zomwe zimagwiritsidwa ntchito:
Nkhani ya Microsoft yokhudza laibulale yosefera mawu achinsinsi: Zosefera Achinsinsi
PassFiltEx: Chithunzi cha PassFiltEx
Ulalo wotulutsa: Kutulutsa Kwatsopano
Mndandanda wa mawu achinsinsi:
DanielMiessler adalemba: Lumikizani.
Mndandanda wa mawu kuchokera weakpass.com: Lumikizani.
Mndandanda wa mawu kuchokera ku berzerk0 repo: Lumikizani.
Microsoft Message Analyzer: Microsoft Message Analyzer.

Source: www.habr.com