摘要
口令认证技术是最常用的身份认证技术,它可分为两类:静态口令和动态口令。介绍了PostgreSQL口令认证的原理,虽然PostgreSQL口令认证机制在一定程度上采用了动态口令认证方式,但是其口令认证方式仍然存在不能抵抗字典攻击以及冒充攻击等局限性。其次基于椭圆曲线,对PostgreSQL口令认证机制进行了改进,提出了一种可以弥补PostgreSQL口令认证机制存在上述漏洞的改进方案。结果表明改进方案能够进行双向认证,有效地防止冒充攻击、重放攻击和字典攻击,提高了PostgreSQL口令认证机制的安全性。
Password authentication as one of technology of identifyauthentication is most frequently adopted. It is sorted into two classes: static password authentication and dynamic password authentication. Firstly the theory of password authentication of PostgreSQL is in- troduced, though PostgreSQL password authentication adpotes the dynamic password authentication in some extent, the PostgreSQL dynamic password authentication still can' t resist dictionary attack and imitate attack and so on. Then a improved scheme of password authentication of PostgreSQL based on ECC is proposed. The improved scheme can realizes the mutual authentication between client and server, conquers the password authentication problems of PostgreSQL.
出处
《计算机工程与设计》
CSCD
北大核心
2009年第7期1603-1604,1752,共3页
Computer Engineering and Design
基金
中国大学数字博物馆基金项目(505004)
中国数字科技馆基金项目(2005DKA64300)