摘要
分析了一种基于随机数和Hash函数的认证方案(NHRA)的认证过程,发现该方案存在着远程主机上容易泄露用户身份信息的安全问题。针对该问题,构造了一个基于随机数和Hash函数、隐蔽用户身份信息远程身份认证方案。该方案允许用户自主选择和更改口令、能够抵御假冒远程主机攻击、抵御假冒合法用户攻击,对用户身份信息认证更加安全有效。
Analysing process of a authentication scheme(NHRA) which is based on nonce and hash function,it is found in the scheme exists user information disclosure security problem on remote server.To solve the problem,a scheme is demonstrated,which is based-on nonce and hash,hidden information of user and remote host login.Users freely choose and change password at their own will.They can resists masquerading remote system attack and legitimate user attack,user identity authentication is more safe and effective.
出处
《阜阳师范学院学报(自然科学版)》
2010年第3期62-65,共4页
Journal of Fuyang Normal University(Natural Science)
关键词
身份认证
信息隐蔽
口令
智能卡
authentication
hidden information
password
smart cards