如何生成与日期相关的密码?
我正在寻找一种简单的方法来生成密码,该密码只能在有限的时间内使用一次,例如 1 天、1 周、1 个月。这必须在没有连接的应用程序中实现,因此不可能使用服务器。用例是这样的: 1. 生成特定日期和时间长度的密码。 2. 发送给用户(电子邮件、电话等)。 3. 用户进入应用程序。 4. 应用程序在特定时间启用。 5. 密码不能重复使用,即使在另一台电脑上也是如此。
我假设执行此操作的唯一方法是生成仅在特定日期集之间有效的密码。谁能推荐一个可以做到这一点的算法?它不必非常安全,而且我知道您可以通过重置 PC 上的时间来破解这个问题!
谢谢。
I'm looking for a simple way to generate passwords that will only work once for a limited amount of time, e.g. 1 day, 1 week, 1 month. This has to be implemented in an application that has no connectivity so a server isn't possible. The use case is something like:
1. Generate password for a specific date and length of time.
2. Send to user (email, phone, etc).
3. User enters in application.
4. Application is enabled for a specific time.
5. Password cannot be reused, even on another PC.
I'm assuming the only way to do this is to generate passwords that only work between a specific set of dates. Can anyone recommend an algorithm that can do this? It doesn't have to be incredibly secure, and I know you can crack this by resetting the time on the PC!
Thanks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我知道我迟到了,但无论如何我都会提供我的建议,以防其他需要它的人找到这里。
为了防止它在另一台 PC 上使用,您可以使用 MAC 地址或硬件地址。但是,这取决于检查密码时网络硬件仍然可用。请确保您使用将检查密码的机器的硬件地址。
要限制某个到期日期,只需使用到期日期的文本字符串即可。
只需使用散列函数对组合到期日期、硬件地址和密钥进行散列即可。在哈希输出中添加到期日期的前缀或后缀。
在上面的例子中,我在哈希值前加上了到期日期。因此,当我们检查密码时,我们只需从密码中提取到期日期,使用相同的函数生成相同的密码。如果生成的密码与提供的密码匹配,则绿灯亮起。
输出密码示例:
如果无法获取硬件地址,则只需使用客户的名称即可。它不会阻止密码在多台计算机上使用,但会确保同一个人在使用它。
I know I'm late but I'll provide my advice anyway in case someone else who needs it found their way here.
To prevent it being used on another PC, you could probably use the MAC address or hardware address. However, this is subject to the network hardware being still available when checking the password. Please make sure you use the hardware address of the machine where the password will be checked.
To limit it by some expiry date simply use the text string of the expiry date.
Simply use a hash function to hash the combine expiry date, hardware address and a secret key. Prefix or suffix the hash output with the expiry date.
In the case above, i prefix the hash with the expiry date. So, when we check the password, we simply extract the expiry date from the password, use the same function to generate the same password. If the generated password match the provided password, then you have green light.
Sample output password:
If you can't get the hardware address, then simply use the customer's name. It won't prevent the password from being used in multiple machines, but it will ensure that the same person is using it.
您的应用程序应该具有诸如密码有效性之类的属性
,然后在您的应用程序中您可以验证您的密码是否已过期
Your application should have a attribute like validity for the password something like this
and then in your application you can validate that your password has expired or not
通过您喜欢的任何方法(单词列表、随机字母等)生成密码。将它们放入某种数据结构中,例如关联数组,您可以在其中将日期与每个密码关联起来。然后,您在分发密码的程序中查阅该数据结构,以给出具有正确到期日期的密码。客户端程序具有相同的密码和日期列表,因此当它获取密码时,它只是查找相关的到期日期。
Generate passwords by any method you'd like (a word list, random letters, etc). Put them into some data structure, like an associative array, where you can associate a date with each password. Then you consult this data structure in the program that hands out passwords to give one out with the proper expiration date. The client program has the same list of passwords and dates, so when it gets a password, it just looks up the associated expiration date there.