关键词: 高校, 信息平台, 口令, 传输, 哈希, 挑战应答

Abstract: This paper studies university information platform user password security policies, by analyzing the threats and vulnerabilities faced in the process of password creation, storage and transmission, and password policy, combined with the attacker to steal user passwords may take means of attack, the design of the dynamic mixing of challenge response and salted hash algorithm based on encryption strategy, realize the password in the process of transmission and storage shall not expressly exists, in the cipher text level to achieve a one-time-pad encrypt and irreversible operation, for the user provided password expressly not stolen safety certification process. At last, some suggestions are put forward on password management and user's habit.

Key words: university, information platform, cryptography, transmission, Hash, challenge response