Abstract
This paper describes the working mechanism and principles of password authentication systems in network security, and presents a concrete design for a one-time password (OTP) system, together with the implementation of its main components, that takes advantage of Java's platform independence, multithreading support and strong bitwise-operation capabilities. Its distinguishing feature is that the user enters the same password every time, yet the login password transmitted to the server is different each time; each password presented to the server is used only once, which effectively prevents network eavesdropping and password leakage. The security of the OTP system rests on the irreversibility of the MD5 hash function and on the fact that the user's password cannot be learned because it is stored neither on the server nor on the client.
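
The following is an added example, not code from the paper. It sketches how the behaviour in the abstract can be obtained, assuming an S/Key-style MD5 hash chain, a construction the abstract does not spell out. The class name, seed, secret and chain length are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class OtpChainDemo {
    // MD5 is the hash function named in the abstract.
    static byte[] md5(byte[] in) {
        try {
            return MessageDigest.getInstance("MD5").digest(in);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // Client side: the user types the same secret each time; it is hashed
    // n times and never stored or sent. Only the n-th chain value leaves the client.
    static byte[] otp(String secret, String seed, int n) {
        byte[] h = (seed + secret).getBytes(StandardCharsets.UTF_8);
        for (int i = 0; i < n; i++) h = md5(h);
        return h;
    }

    // Server side: keeps only the last accepted one-time password and its
    // position in the chain, never the user's secret.
    static class Server {
        private byte[] last;
        private int counter;
        Server(byte[] initial, int n) { last = initial; counter = n; }
        int challenge() { return counter - 1; }   // chain position requested next
        boolean login(byte[] candidate) {
            // Refuse once the chain is exhausted: position 0 would be the raw secret.
            if (counter <= 1) return false;
            // Hashing the candidate once more must give the stored value.
            if (!MessageDigest.isEqual(md5(candidate), last)) return false;
            last = candidate;   // the accepted value becomes the new verifier
            counter--;          // so the same value can never be accepted again
            return true;
        }
    }

    public static void main(String[] args) {
        String secret = "correct horse", seed = "ke1234";   // constructed sample values
        Server server = new Server(otp(secret, seed, 100), 100);
        byte[] first = otp(secret, seed, server.challenge());
        System.out.println("first login:  " + server.login(first));
        System.out.println("replay:       " + server.login(first));   // eavesdropped value resent
        byte[] second = otp(secret, seed, server.challenge());
        System.out.println("second login: " + server.login(second));
    }
}
```

An eavesdropper who captures one transmitted value would have to invert MD5 to obtain the next one, which is why the abstract ties the system's security to the hash function's irreversibility.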