| 一个远程口令鉴别方案的分析 |
| |
| 作者姓名: | 方根溪 戴宗铎 杨君辉 |
| |
| 作者单位: | 1. 中国科学技术大学研究生院信息安全国家重点实验室, 北京 100039;
2. 中国科学院软件所, 北京 100080 |
| |
| 基金项目: | 973基金资助项目(G1999035804);国家自然科学基金资助项目(60173016) |
| |
| 摘 要: | 对谭凯军等提出的基于矢积的远程口令鉴别方案进行了安全性分析,指出攻击者为了冒充用户的登录请求,只须截获该用户的两次登录请求,或者只须再申请一张智能卡,取出其中有关信息后截获一次登录请求,因而该方案不安全.针对上述两种攻击,也对该方案提出了一些修改意见.
|
| 关 键 词: | 远程口令鉴别 智能卡 时间标志 Hash函数 |
| 收稿时间: | 2002-06-03 |
Cryptanalysis of a Remote Password Authentication Scheme |
| |
| Authors: | FANG Gen-Xi DAI Zong-Duo YANG Jun-Hui |
| |
| Institution: | 1. SKLOIS, Graduate School of USTC, Beijing 100039;
2. Institute of Software, CAS, Beijing 100080 |
| |
| Abstract: | This paper analyzes the security of Tan's scheme for remote password authentication based on cross-product. We point out that to impersonate one user's log-in reguest, the intruders need only to know the user's two log-in requests, or need only to know one log-in request after booking a smart card and getting some useful information from it, so the scheme is not secure. Some modifications to Tan's scheme for avoiding the above two kinds of possible attacks are given. |
| |
| Keywords: | remote password authentication smart card time stamp Hash function |
|
| 点击此处可从《》浏览原始摘要信息 |
| 点击此处可从《》下载免费的PDF全文 |
|
