Design and Implementation of Password-based Identity Authentication System
The main weakness of passwords is that it is vulnerable to dictionary attacks implemented by automated programs. As the EKE protocol could resist the offline dictionary attack and the CAPTCHA could avoid automatic on-line dictionary attack implemented by the attacker, in this paper, based on the two protocols, we proposed the hybrid password authentication protocols. Our new password authentication schemes combined the advantages of the EKE protocol and the CAPTCHA, which can resist the dictionary attacks implemented by the automatic programs perfectly. Finally, we gave the realization of the password authentication protocol, in which the reverse Turing test is realized by the common graphical verification code.
password identity authentication dictionary attacks EKE protocol CAPTCHA
Shuo Zhai Tao He
School of Computer, China University of Mining and Technology Xuzhou, China
国际会议
太原
英文
253-257
2010-10-22(万方平台首次上网日期,不代表论文的发表时间)