| 基于TOTP的Web改进认证 |
| |
| 引用本文: | 赵建勋.基于TOTP的Web改进认证[J].计算机系统应用,2015,24(9):272-275. |
| |
| 作者姓名: | 赵建勋 |
| |
| 作者单位: | 西安文理学院 数学与计算机工程学院, 西安 710065 |
| |
| 摘 要: | 为了提高TOTP协议应用在Web认证中的安全性, 依照HOTP认证三原则改进了基于TOTP的认证设计. 改进后的认证系统在一个时间窗口内增加了一个认证次数阈值和时间戳用来更好的抗蛮力攻击和重放攻击, 增加随机数和MD5哈希算法轻量化地抵抗中间人攻击. 最后用PHP语言设计了一个安全、实用的Web认证系统.
|
| 关 键 词: | HOTP TOTP 一次性口令 Web认证 攻击 |
| 收稿时间: | 2015/1/15 0:00:00 |
| 修稿时间: | 3/4/2015 12:00:00 AM |
Improved Web Authentication Based on TOTP |
| |
| ZHAO Jian-Xun.Improved Web Authentication Based on TOTP[J].Computer Systems& Applications,2015,24(9):272-275. |
| |
| Authors: | ZHAO Jian-Xun |
| |
| Affiliation: | School of Mathematics and Computer Engineering, Xi'an University, Xi'an 710065, China |
| |
| Abstract: | The paper makes an improved authentication method order by Three-Protocol of HOTP authentication method based on TOTP. The authentication method uses an authentication number threshold and a timestamp to resist brute force attacks and replay attacks, uses a random number and the MD5 encryption resist Man-in-the-Middle attack. Finally, a safe and useful Web authentication protocol is designed by PHP. |
| |
| Keywords: | HOTP TOTP One-time-password Web authentication attacks |
|
| 点击此处可从《计算机系统应用》浏览原始摘要信息 |
|
点击此处可从《计算机系统应用》下载全文 |
