摘要
Kerberos是一个成熟的产品,广泛应用于金融、邮电、保险等行业。但仍存在一些隐患,例如:重放攻击、密码猜测、会话中选择明文攻击等等。该文针对Kerberos系统登录时可能遭到密码猜测,即所谓的离线字典攻击(Off line Dictionary Attack)的问题,提出一种基于椭圆曲线的零知识证明方法对系统进行改进,并给出相应的协议。
Kerberos system is a mature product used in many fields,for instance: finance, post, insurance. But it still has some security hidden troubles, for instance:replay attack, password guessing, inter-session chosen plaintext attacks. This paper talks about the offline dictionary attack.It puts forward a zero knowledge password authentication based on ellipse curve after comparing with the current manner and improves the system.
出处
《计算机工程》
CAS
CSCD
北大核心
2002年第10期143-144,171,共3页
Computer Engineering
