共查询到20条相似文献,搜索用时 314 毫秒
1.
Users frequently reuse their passwords when authenticating to various online services. Combined with the use of weak passwords or honeypot/phishing attacks, this brings high risks to the security of the user’s account information. In this paper, we propose several protocols that can allow a user to use a single password to authenticate to multiple services securely. All our constructions provably protect the user from dictionary attacks on the password, and cross-site impersonation or honeypot attacks by the online service providers. 相似文献
2.
3.
John Charles Gyorffy Andrew F. Tappenden James Miller 《International Journal of Information Security》2011,10(6):321-336
Given that phishing is an ever-increasing problem, a better authentication system is required. We propose a system that uses
a graphical password deployed from a Trojan and virus-resistant embedded device. The graphical password utilizes a personal
image to construct an image hash, which is provided as input into a cryptosystem that returns a password. The graphical password
requires the user to select a small number of points on the image. The embedded device will then stretch these points into
a long alphanumeric password. With one graphical password, the user can generate many passwords from their unique embedded
device. The image hash algorithm employed by the device is demonstrated to produce random and unique 256-bit message digests
and was found to be responsive to subtle changes in the underlying image. Furthermore, the device was found to generate passwords
with entropy significantly larger than that of users passwords currently employed today. 相似文献
4.
5.
6.
《Card Technology Today》2004,16(5):5
A new survey has found that a staggering 71% of office workers polled were willing to reveal their passwords when offered a chocolate bar as a bribe. While this was a less-than-scientific survey, it does demonstrate the real problem facing IT administrators and the benefits to security that a more secure smart card system could bring. 相似文献
7.
Simon Marechal 《Journal in Computer Virology》2008,4(1):73-81
This paper surveys various techniques that have been used in public or privates tools in order to enhance the password cracking
process. After a brief overview of this process, it addresses the issues of algorithmic and implementation optimisations,
the use of special purpose hardware and the use of the Markov chains tool. Experimental results are then shown, comparing
several implementations. 相似文献
8.
对用户的认证是系统安全的核心组成部分之一.基于口令的认证是一种最常用的对用户的认证方法.人们往往选取容易记忆的简单口令,但是它们也容易被攻击.有些图形口令免去了人们记忆口令的烦恼,但是它们要求对用户的培训必须秘密进行,这使得用户设置和修改口令比较困难.提出了一种新的图形口令方案,它利用人们随身携带的普通钥匙作为图形口令,用户通过看看屏幕就可以输入口令,试验表明它简单、易于实现,用户使用起来也十分方便. 相似文献
9.
Computer security has always been an issue, more so in recent years due to global network access. In this paper, we present a simple connectionist algorithm for testing the quality of computer passwords. A popular method of evaluating password quality is to test it against a large dictionary of words and near-words. Our algorithm is an approximate realization of this method. The large dictionary of words is stored in a network in distributed form. All stored words are stable; however, spurious memories may develop. Although there is no easy way to determine exactly which non-word strings become spurious, nor even exactly how many spurious memories form, numerical simulations reveal that the network works well in distinguishing words and near-words from structureless strings. Thus, to evaluate a password, one would present it to the network and, if the network labeled it a memory, the password would be considered bad 相似文献
10.
一个新的动态口令认证方案 总被引:7,自引:1,他引:6
介绍并分析了S/KEY口令认证方案和非对称口令认证方案,针对它们无法抵御劫取连接攻击等安全缺陷,在充分吸收它们设计思想的基础上,提出了一个新的动态口令认证方案,给出了具体注册过程、认证过程及参数选择,并进行了安全性分析。分析可得,新方案可抵御劫取连接等攻击。 相似文献
11.
常用的zip密码恢复软件使用通用处理器进行密码恢复,每秒尝试密码次数少,往往需要很长时间才能找到正确密码。为了提高密码破解效率,提出了GPU平台上的快速ZIP密码恢复算法,针对GPU的特点,重点优化了寄存器使用以及存储器访问,对AES和HMAC算法进行了并行优化,充分发挥了GPU大规模并行运算的优势,并利用ZIP文档格式中的密码校验位提前筛选密码,大部分错误密码都不需要进行后续运算。实验结果表明,恢复AES-128加密的ZIP文档,基于GPU的算法实现了11.09倍的加速比。 相似文献
12.
Tzong-Sun Wu Ming-Lun Lee Han-Yu Lin Chao-Yuan Wang 《International Journal of Information Security》2014,13(3):245-254
The graphical password authentication scheme uses icons instead of text-based passwords to authenticate users. Icons might be somehow more familiar to human beings than text-based passwords, since it is hard to remember the latter with sufficient security strength. No matter what kind of password is used, there are always shoulder-surfing problems. An attacker can easily get text-based password or graphical password by observation, capturing a video or recording the login process. In this paper, we propose a shoulder-surfing-proof graphical password authentication scheme using the convex-hull graphical algorithm. We give evaluation and comparisons to demonstrate the security strength and the functionality advantages of our scheme. 相似文献
13.
14.
15.
16.
17.
18.
19.
《Computers & Security》2007,26(7-8):445-451
Password-based authentication is frequently criticised on the basis of the ways in which the approach can be compromised by end-users. However, a fundamental point in the defence of many users is that they may not know any better, and lack appropriate guidance and support when choosing their passwords and subsequently attempting to manage them. Given that such support could reasonably be expected to come from the systems upon which the passwords are used, this paper presents an assessment of password practices on 10 popular websites, examining the extent to which they provide guidance for password selection, enforce restrictions on password choices, and support easy and effective recovery or reset if passwords are forgotten. The findings reveal that the situation is extremely variable, with none of the assessed sites performing ideally across all of the assessed criteria. Better efforts are consequently required if password practices amongst the general populous are expected to improve. 相似文献
20.
随着QQ号码申请越来越难和QQ号码收费现象的出现,QQ密码被盗现象也越来越严重。随之产生的破解工具也越来越多。若要防范QQ密码被盗,了解QQ密码破解的方法是非常必要的。也许有人寄希望于“QQ密码保护”,但破解者有可能在QQ号码取回之前将“好友”删之一空,使“好友”(QQ号码上能联系的人)发来的消息收不到。本文针对几种常见的QQ密码破解,给出了相应的防范措施。 相似文献