Abstract
In recent work on making PAKE protocols auditable, we identified the need for passwords that human users were extremely unlikely to make a mistake with. The context meant that users had to use different passwords for different purposes. While not solving that problem, the present paper finds a way to structure passwords to achieve the same effect while in general making password guessing attacks more detectable and less profitable. We propose a tool to help users pick compliant passwords, and then only treat compliant passwords as worth passing on to the server.
Authors
A. W. Roscoe
Chen Bangdao (陈邦道), Chieftin Laboratory, Shenzhen, Guangdong 518028
Source
Journal of Information Security Research (《信息安全研究》)
2017, Issue 10, pp. 879-883 (5 pages)
Funding
Shenzhen Luohu District Special Fund for Industrial Transformation and Upgrading
Keywords
password
security
password criteria
two-folder verification
low false-warning probability