Computer Engineering and Applications ›› 2009, Vol. 45 ›› Issue (25): 118-120. DOI: 10.3778/j.issn.1002-8331.2009.25.036

• Network, Communication, Security •

Improved against off-line dictionary attack password change protocol

LUO Xuan, CAO Tian-jie

  1. School of Computer, Nanhu, China University of Mining and Technology, Xuzhou, Jiangsu 221116, China
  • Received:2009-04-27 Revised:2009-06-08 Online:2009-09-01 Published:2009-09-01
  • Contact: LUO Xuan

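Improved password change protocol resistant to off-line dictionary attacks

LUO Xuan, CAO Tian-jie

  1. School of Computer Science and Technology, China University of Mining and Technology (Nanhu Campus), Xuzhou, Jiangsu 221116
  • Corresponding author: LUO Xuan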

Abstract: Password authentication is the simplest, most convenient and most widely used means of authentication. Recently, Tsaur et al. pointed out that the password change protocol presented by Chang is vulnerable to denial-of-service attacks and cannot provide backward secrecy. They then presented an improved password change mechanism, which they claimed to be secure. This paper analyses their protocol and shows that the improved password change mechanism fails to resist the off-line dictionary attack and provides neither backward secrecy nor forward secrecy. Finally, an improved password change protocol is proposed, which resists the off-line dictionary attack and provides backward secrecy and forward secrecy.

Key words: authentication, password change, off-line dictionary attacks, forward secrecy, backward secrecy

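Abstract: Password authentication is the simplest, most convenient and most widely used method of user authentication. Recently, Tsaur et al. pointed out that the password change protocol of Chang et al. is subject to denial-of-service attacks and cannot provide backward secrecy of passwords. They then gave an improved password change protocol and claimed that it is secure. This paper analyses the password change protocol of Tsaur et al. and shows that their scheme is vulnerable to off-line dictionary attacks and provides neither forward nor backward secrecy of passwords. Finally, an improved password change protocol is proposed and its security is analysed.

Key words: authentication, password change, off-line dictionary attack, forward secrecy, backward secrecy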
