2015复习正是强化复习阶段,在考研英语中占了40分,所以考研英语阅读是英语科目中重要的一项。名师老师曾建议过考研生需要坚持每天泛读10-15分钟的英文原刊。强烈推荐了杂志《经济学人》.杂志中的文章也是考研英语的主要材料来源.希望考研考生认真阅读,快速提高考研英语阅读水平。 Computer passwords 电脑密码 Speak, friend, and enter 说,朋友和进入 Computer passwords need to be memorable andsecure. 电脑密码须具备两个特性:易记及难猜。 Most people s are the first but not the second. 但是大部分人的密码只注重了前者却忽略了后者。 Researchers are trying to make it easier for them to be both 研究人员正努力让两者兼而有之变得更以实现。 PASSWORDS are ubiquitous in computer security. 密码在电脑安全领域的应用相当普遍。 All too often, they are also ineffective. 但他们往往没起什么作用。 A good password has to be both easy to remember and hard to guess, but in practice peopleseem to plump for the former over the latter. 一个好密码必须具备易记及难猜两个特征,而实际上人们好像只注意到了前者而忽略了后者。 Names of wives, husbands and children are popular. 以妻子,丈夫或孩子的名字作为密码的人大有人在。 Some take simplicity to extremes: one former deputy editor of The Economist used z formany years. 有些人的密码简单到了极点:The Economist的一位前副主编多年来一直用Z作密码。 And when hackers stole 32m passwords from a social-gaming website called RockYou, itemerged that 1.1% of the site s users365,000 peoplehad opted either for 123456 or for12345. 当黑客在社交游戏网站盗取了3200万用户的密码后,人们才发现原来这个网站大约1.1%的用户-也就是365,000人-选择了12345或123456作为密码。 That predictability lets security researchers create dictionaries which list commonpasswords, a boon to those seeking to break in. 安全性研究人员于是根据密码的这种可预见性编制了一些罗列处各种常见密码的字典,这对那些有志于破解他人密码的人来说可说是找到了福音。 But although researchers know that passwords are insecure, working out just how insecurehas been difficult. 但即使研究人员已经知道了密码不安全,要确切地给出个不安全系数却是很困难的。 Many studies have only small samples to work ona few thousand passwords at most. 许多研究项目的对象只有一小块样本-最多只有几千个密码。 Hacked websites such as RockYou have provided longer lists, but there are ethical problemswith using hacked information, and its availability is unpredictable. 像Rockyou这样被黑的网站能够提供更多的密码,但使用黑客盗取的密码不仅会引发道德问题上的争议,其可行性也是未知的。 However, a paper to be presented at a security conference held under the auspices of theInstitute of Electrical and Electronics Engineers, a New York-based professional body, inMay, sheds some light. 然而,在五月份由总部位于纽约的一个专业组织-电气电子协会支持下召开了一场安全性研讨会议,会上公布的一份文件让我们看到了解决这个难题的一丝曙光。 With the co-operation of Yahoo!, a large internet company, Joseph Bonneau of CambridgeUniversity obtained the biggest sample to date70m passwords that, though anonymised,came with useful demographic data about their owners. 在一家大型网络公司-雅虎的协助下,剑桥大学的Joseph Bonneau得到了一份迄今为止最大的研究样本,虽然是匿名的,但是包含了其用户极为有用的人口学数据。 Mr Bonneau found some intriguing variations. 在这份样本中Mr Bonneau发现了一些有趣的差异。 Older users had better passwords than young ones. 相较于年轻用户,老用户设置的用户更好。 People whose preferred language was Korean or German chose the most secure passwords;those who spoke Indonesian the least. 母语为韩语或德语的用户所设置的密码安全系数最高,而说印尼语的最低。 Passwords designed to hide sensitive information such as credit-card numbers were onlyslightly more secure than those protecting less important things, like access to games. 被设置用来隐藏像信用卡卡号这样的敏感信息的密码,相比较于另外一些保护游戏登录入口这样不那么重要的信息所设置的密码,其安全性高不了多少。 Nag screens that told users they had chosen a weak password made virtually no difference. 那些提醒用户设置的密码安全性较低的唠叨屏幕其实没有什么作用。 And users whose accounts had been hacked in the past did not make dramatically moresecure choices than those who had never been hacked. 相对于那些从没被黑过的,有过账户被黑经验的用户的安全防范意识也并没得到显著提高。 But it is the broader analysis of the sample that is of most interest to security researchers. 但是,对研究样本进行更为综合性的分析才是安全性研究人员的兴趣所在。 For, despite their differences, the 70m users were still predictable enough that a genericpassword dictionary was effective against both the entire sample and any demographicallyorganised slice of it. 因为尽管存在各种差异,但是通过分析样本中那7000万用户的资料还是可以预见到,一部通用的密码暴力破解字典就能够有效应付这一整个样本,或者任何根据某项人口学特征而从中抽取的一小块资料。 Mr Bonneau is blunt: An attacker who can manage ten guesses per accountwillcompromise around 1% of accounts. Mr Bonneau直言不讳地说:只要每个账号给破解者10次猜测密码的机会...会有大约1%的密码被破解。 And that, from the hacker s point of view, is a worthwhile outcome. 这在黑客看来绝对值得一试。 One obvious answer would be for sites to limit the number of guesses that can be madebefore access is blocked, as cash machines do. 对网站而言,很显然,他们可以在系统上进行类似于ATM机的设置:一旦密码输入错误次数达到规定者,即封锁登录入口。 Yet whereas the biggest sites, such as Google and Microsoft, do take such measures,many donot. 然而,只有谷歌、微软这样的大型网站采取了类似的措施,很多其他网站对此不以为意。 A sample of 150 big websites examined in 2010 by Mr Bonneau and his colleague SrenPreibusch found that 126 made no attempt to limit guessing. 在2010年,Mr Bonneau和他的同事Sren Preibusch曾对一份囊括了150家大型网站的样本做过调查,结果显示其中126家并没有对密码输入错误次数作出限制。 How this state of affairs arose is obscure. 这种状况的状况的出现实在是令人费解。