Abstract:
A password mechanism based on digest technology is introduced, which allows one granting his right to a temporary user with limited times and access. The mechanism can keep it off analysis attack, dictionary based attack and brute-force attack, and it is easy to extend to limit access count and authorization. A Java prototype system is also introduced.
Key words:
computer security,
limited authorization password,
access control
摘要: 提出一种基于摘要机制的有限授权密码机制,使得用户可以在不泄漏密码本身的情况下允许其他用户临时拥有访问系统的权力。该机制可以抵抗密码分析攻击、字典攻击和强力破解攻击,具有较强的安全性,也可以扩展用来限制访问次数和访问权限,具有较强的实用性。该文同时给出了一个基于Java实现的原型系统。
关键词:
计算机安全,
有限授权密码,
访问控制
CLC Number:
ZHAN Tao; ZHOU Xing-she; LIAO Zhi-gang. Limited Authorization Password Mechanism[J]. Computer Engineering, 2008, 34(2): 28-30.
詹 涛;周兴社;廖志刚. 有限授权密码机制[J]. 计算机工程, 2008, 34(2): 28-30.