摘要
研究了高校信息平台用户口令安全策略,通过分析口令在创建、存储和传输过程中面临的威胁以及口令策略存在的脆弱性,并结合攻击者为了窃取用户口令可能采取的攻击手段,设计了基于挑战应答和加盐哈希运算的动态混合加密策略,实现口令在传输与存储过程中一律不以明文存在,在密文层次实现一次一密且运算不可逆,为用户提供口令明文不会被窃取的安全的认证过程.最后提出了在口令管理和用户习惯上的一些建议,作为利用技术手段保护用户口令的补充.
This paper studies university information platform user password security policies, by analyzing the threats and vulnerabilities faced in the process of password creation, storage and transmission, and password policy, combined with the attacker to steal user passwords may take means of attack, the design of the dynamic mixing of challenge response and salted hash algorithm based on encryption strategy, realize the password in the process of transmission and^torage shall not expressly exists, in the cipher text level to achieve a one-time-pad encrypt and irreversible operation, for the user provided password expressly not stolen safety certification process. At last,some suggestions are put forward on password management and user's habit.
出处
《信息安全研究》
2016年第6期533-536,共4页
Journal of Information Security Research
关键词
高校
信息平台
口令
传输
哈希
挑战应答
university
information platform
cryptography
transmission
Hash
challengeresponse
