Journal of Information Security Research (信息安全研究) ›› 2016, Vol. 2 ›› Issue (6): 533-536.

• Special Topic: Electronic Authentication •

Research on Security Policy of Information Platform User's Password in University

Han Lin (韩霖)

  1. Information Management Office, University of International Business and Economics, Beijing
  • Received: 2016-06-15 Online: 2016-06-15 Published: 2016-06-15
  • Corresponding author: Han Lin
  • About the author: Master's degree, assistant engineer; main research interests are information security and software engineering.

Abstract: This paper studies password security policy for users of university information platforms. It analyzes the threats that passwords face during creation, storage, and transmission, together with the weaknesses of existing password policies, and considers the attack methods an attacker might use to steal user passwords. On that basis it designs a dynamic hybrid encryption strategy based on challenge-response and salted hashing. Under this strategy a password never exists in plaintext during transmission or storage, and at the ciphertext level the scheme is one-time ("one-time pad" in the original, 一次一密) and computationally irreversible, giving users a secure authentication process in which the plaintext password cannot be stolen. Finally, it offers some recommendations on password management and user habits as a complement to the technical measures that protect user passwords.

Key words: university, information platform, password, transmission, hash, challenge response