Computer Engineering and Applications ›› 2011, Vol. 47 ›› Issue (19): 105-107.

• 网络、通信、安全 • Previous Articles     Next Articles

Improvement of remote password authentication scheme based on one-way Hash function

XIANG Jinping1,XIE Qi2   

  1. 1.School of Science,Hangzhou Normal University,Hangzhou 310036,China
    2.School of Information Science and Engineering,Hangzhou Normal University,Hangzhou 310036,China
  • Received:1900-01-01 Revised:1900-01-01 Online:2011-07-01 Published:2011-07-01

基于Hash函数的远程口令认证方案的改进

项金萍1,谢 琪2   

  1. 1.杭州师范大学 理学院,杭州 310036
    2.杭州师范大学 信息科学与工程学院,杭州 310036

Abstract: It shows that Xue-Kong’s remote password authentication scheme based on one-way Hash function cannot resist undetectable on-line password guessing attack.To overcome the weakness,an improved scheme based on nonce and Hash function is proposed.Technical discussions are provided to show that the improved protocol is secure.

Key words: user authentication, smart cards, mutual authentication, undetectable on-line password guessing attack

摘要: 指出了Xue-Kong的基于单向哈希函数的远程口令认证方案易遭受不可检测在线口令猜测攻击,针对上述安全漏洞,构造了一个基于随机数和Hash函数、使用智能卡的远程口令认证和密钥协商协议。技术分析表明提出的改进方案是安全的。

关键词: 认证, 智能卡, 双向认证, 不可检测在线口令猜测