dfg sddsf fdgdf dfgfg fdggg
何謂One-time Pad/Password?wiki中的解釋:http://en.wikipedia.org/wiki/One-time_passwordcodeproject中的範例:Applied Crypto++: Pseudo Random Number GeneratorsVernam encryption/decryption of filesCryptography 101 for the .NET Framework.NET Encryption SimplifiedMobile Agents - Software on the move其他資料:http://www.deer-run.com/~hal/ns2000/otp.pdfhttp://www.faqs.org/rfcs/rfc2289.html底下為Wiki內容翻譯: 使用One-time password (OTP)的目的是讓未授權的人更難存取受保護的資源。傳統的固定密碼很容易讓未授權的入侵者有足夠的時間嘗試存取,藉由OTP不斷地變換密碼可大大地降低此風險。 OTP有三種不同的類型:第一種是用數學演算法基於前一次的密碼產生這一次的密碼;第二種是根據認證主機與用戶端間的時間同步關係產生;第三種與第一種類似,也是用數學演算法,但是新的密碼是由盤問(認證主機選擇的亂數或交易的內容)及計數器得來,而非基於前次密碼。第一種的實作說明:參考文章: Hash chain一個由Leslie Lamport提出來的方式是使用所謂的One-way function(稱之為f)。這個one-time password系統從一個初始的種子 's' 開始運作,然後以下列公式依需求產生密碼。f(s), f(f(s)), f(f(f(s))), ... 第二種的實作說明:時間同步的OTP通常都是以實體token為主,在這實體token內有一個準確的時鐘,用來與認證主機中的時鐘同步。在這一類OTP系統中,The time-synchronized one-time passwords are usually related to physical hardware tokens (e.g., each user is given a personal token that generates a one-time password). Inside the token is an accurate clock that has been synchronized with the clock on the authentication server. On these OTP systems, time is an important part of the password algorithm since the generation of new passwords is based on the current time rather than the previous password or a secret key.Mobile phones and PDAs can also be used to generate a time-synchronised one-time password, as illustrated by the FiveBarGate concept. This approach could be a more cost effective alternative since most Internet users already have mobile phones. Additionally, this approach could be more convenient since the user would not need to carry around a separate hardware token for each security domain to which he or she requires access. .msgcontent .wsharing ul li { text-indent: 0; } 分享 Facebook Plurk YAHOO!
yahoo facebook google msn
留言列表
