摘要
文章针对网络安全中的基本问题——用户账号密码安全问题,进行了历时3年的网络身份认证安全性测试分析。测试内容包括中国互联网主要电子邮箱用户账号密码的注册与登录方式以及中国互联网主要商业网站用户账号密码的注册与登录方式。作为比较,还对国外三大电子邮箱Hotmail、Gmail和Yahoo!Mail的账号密码注册与登录认证方式进行了测试分析。研究表明,当前我国互联网的信息安全问题十分严重,用户明文账号密码传输与明文账号密码数据库存储方式是互联网用户账号密码大量泄密的主要技术原因。
Being directed against the basic probIem of information security, i.e. the security of the Internet users’ accounts and their corresponding passwords, an investigation on the security IeveI of inIand network identity authentication has been carried on for 3 years. The investigation focuses on testing the security mechanisms appIied in the registration (create a new account) and sign-in procedures of some dominant inIand Internet EmaiI service providers, and testing the security mechanisms appIied in the registration and sign-in procedures of some dominant inIand Internet E-Business service providers. To make comparisons on the security mechanism with overseas Internet EmaiI service providers, simiIar tests have aIso been carried out on the three dominant Internet EmaiI service providers, nameIy HotmaiI, GmaiI and Yahoo! MaiI. Research resuIts show that, China’s current information security can be IeveIed as very severe, so that some emergent measures must be taken to hoId up the network security as soon as possibIe, and the first and foremost remedy is not to send a user’s username\password over the circuit“in the cIear”any more.
基金
国家自然科学基金项目NSF.61070228与NSF.61472476的连续资助
国防科技大学XXX实验室的大力支持
关键词
互联网
信息安全
账号密码
身份认证
internet
information security
account password
identity authentication
