| 一种基于口令的防窃取私钥保护协议① |
| |
| 引用本文: | 王耀民,王立斌. 一种基于口令的防窃取私钥保护协议①[J]. 计算机系统应用, 2010, 19(7): 65-68 |
| |
| 作者姓名: | 王耀民 王立斌 |
| |
| 作者单位: | 华南师范大学计算机学院,广东广州,510631 |
| |
| 摘 要: | 现代密码体制中,加密算法是公开的。因此数据安全取决于用户私钥的保护。目前彩的最为广泛的私钥保存方案是使用用户密码将私钥加密后保存在用户设备上,但是这种记法不能够抵抗攻击者在获取用户设备后,对其使用离线字典攻击。根据对一种现有的能够防窃取的用户设备与服务器联合签名的(S-RSA)协议的分析,提出一种新的基于口令的私钥保护(SS—RSA)协议,该协议通过用户设备与服务器联合对文件进行解密。能够有效的保护用户私钥的安全,并解决了S—RSA协议不能够抵抗拒绝服务攻击和用户票据取消后。用户私钥无法恢复的缺点。
|
| 关 键 词: | 私钥保护 口令 私钥安全 |
| 收稿时间: | 2009-11-03 |
| 修稿时间: | 2009-12-26 |
A Protocol Based on Password Resilient to Devices Capture |
| |
| WANG Yao-Min and WANG Li-Bin. A Protocol Based on Password Resilient to Devices Capture[J]. Computer Systems& Applications, 2010, 19(7): 65-68 |
| |
| Authors: | WANG Yao-Min and WANG Li-Bin |
| |
| Affiliation: | (Computer School, South China Normal Univercity, Guangzhou 510631, China) |
| |
| Abstract: | The cryptographic algorithm is public in modern cryptography. The security of user's file relies on the protection of the user's private key. Common practice of protecting private key is to encrypt it with a password and store it in the user's device. However, the private key is vulnerable to offline dictionary attack when the device is captured by an adversary. In this paper, we analyze the S-RSA protocol and propose an SS-RSA protocol which can resolve the problem of S-RSA that can't resist the DOS attack and can't get back the user's private key after the user cancels the ticket. |
| |
| Keywords: | private key protection password private key security |
| 本文献已被 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机系统应用》浏览原始摘要信息 |
|
点击此处可从《计算机系统应用》下载全文 |
