Disclosure of Invention
In view of this, the present invention provides a method for implementing password security protection, which can make a password resist dictionary attacks and improve security.
The invention also aims to provide a system for implementing password security protection, which can make a password resist dictionary attacks and improve security.
In order to achieve the above purpose, the technical scheme of the invention is realized as follows:
a method of implementing password security, the method comprising:
A. performing a hash operation n times on the password set in the password setting stage to obtain a first password; n is a natural number less than the maximum number of times N and greater than 1;
B. performing a hash operation m times on the received password to be verified to obtain a second password;
C. when the second password is consistent with the first password, confirming that the password to be verified is correct; when the second password is inconsistent with the first password, judging whether m is less than or equal to the maximum number of times N, if so, increasing the value of m by 1 and then executing step B, otherwise, confirming that the password to be verified is wrong.
Preferably, step A further includes:
combining the first password with the number n according to a combination condition, and performing a hash operation on the combined data to obtain a third password;
and step B further comprises, after the second password is found to be identical to the first password:
combining the second password with the number m according to the same combination condition, and performing a hash operation on the combined data to obtain a fourth password; when the fourth password is consistent with the third password, confirming that the password to be verified is correct; and when the fourth password is inconsistent with the third password, confirming that the password to be verified is wrong.
In the above method, performing the hash operation n times on the password set in the password setting stage in step A to obtain the first password includes:
performing a first hash operation on the password set in the password setting stage, taking the result of the first hash operation as the input data of the second hash operation, and so on until n hash operations have been performed, and taking the result of the nth hash operation as the first password.
In the above method, performing the hash operation m times on the received password to be verified in step B to obtain the second password includes:
performing a first hash operation on the received password to be verified, taking the result of the first hash operation as the input data of the second hash operation, and so on until m hash operations have been performed, and taking the result of the mth hash operation as the second password.
Alternatively, in the above method, performing the hash operation n times on the password set in the password setting stage in step A to obtain the first password includes:
performing a first hash operation on the password set in the password setting stage, transforming the result of the first hash operation, taking the transformed data as the input data of the second hash operation, taking the data obtained by transforming the result of each hash operation as the input data of the next hash operation until n hash operations have been performed, and taking the result of the nth hash operation as the first password.
Correspondingly, performing the hash operation m times on the received password to be verified in step B to obtain the second password includes:
performing a first hash operation on the received password to be verified, transforming the result of the first hash operation, taking the transformed data as the input data of the second hash operation, taking the data obtained by transforming the result of each hash operation as the input data of the next hash operation until m hash operations have been performed, and taking the result of the mth hash operation as the second password.
In the above method, the combining condition is to splice a plurality of data into one data sequentially or to perform arithmetic calculation on the plurality of data to obtain one data.
A system for implementing password security, the system comprising:
the password setting module is used for outputting a first password generation instruction to the password encryption module according to the input trigger information for setting the first password, and for saving the first password output by the password encryption module, the preset number n and the preset maximum number of times N; the first password generation instruction carries the preset number n and the password set in the password setting stage; n is a natural number less than the maximum number of times N and greater than 1;
the password verification module outputs a second password generation instruction carrying the password to be verified and the number of hash operations m to the password encryption module according to the input trigger information for verifying the second password; the password verification module receives the second password output by the password encryption module, reads the first password and the preset maximum number of times N from the password setting module, and determines that the password to be verified is correct when the second password is judged to be consistent with the first password; when the second password is judged to be inconsistent with the first password, it judges whether the number of hash operations m is less than or equal to the preset maximum number of times N, and if so, increases m by 1 and outputs a second password generation instruction carrying the password to be verified and the number m to the password encryption module; otherwise, it determines that the password to be verified is wrong;
the password encryption module is used for performing a hash operation n times on the password set in the password setting stage according to the first password generation instruction to obtain a first password and outputting the first password to the password setting module; and for performing a hash operation m times on the password to be verified according to the second password generation instruction to obtain a second password, and outputting the second password to the password verification module.
Preferably, the system further comprises: a password combination module;
the password setting module further outputs a third password generation instruction to the password combination module according to the input trigger information for setting a third password, and stores the third password output by the password combination module; outputting trigger information for verifying the fourth password to the password verification module; the third password generation instruction carries a preset number n and a first password; the trigger information for verifying the fourth password carries the third password;
the password verification module further outputs a fourth password generation instruction to the password combination module after judging that the second password is consistent with the first password according to the trigger information for verifying the fourth password; when the fourth password is judged to be consistent with the third password according to the fourth password output by the password combination module and the received third password, the password to be verified is determined to be correct, otherwise, the password to be verified is incorrect; the fourth password generation instruction carries a second password and the number m;
the password combination module combines the first password with the preset number n according to the third password generation instruction and a preset combination condition, performs a hash operation on the combined data to obtain a third password, and outputs the third password to the password setting module; and combines the second password with the number m according to the fourth password generation instruction output by the password verification module and the preset combination condition, performs a hash operation on the combined data to obtain a fourth password, and outputs the fourth password to the password verification module.
In the above system, the password encryption module includes:
the first password generating unit is used for performing a first hash operation on the password set in the password setting stage according to the first password generating instruction, taking the result of the first hash operation as the input data of the second hash operation, and so on until n hash operations have been performed, taking the result of the nth hash operation as the first password, and outputting the first password to the password setting module;
and the second password generation unit is used for performing the first hash operation on the received password to be verified according to the second password generation instruction, taking the result of the first hash operation as input data for performing the hash operation for the second time until m times of hash operation are performed, taking the result obtained by the m times of hash operation as the second password, and outputting the second password to the password verification module.
In the above system, the password encryption module includes:
the first password generating unit is used for performing a first hash operation on the password set in the password setting stage according to the first password generating instruction, transforming the result of the first hash operation, taking the transformed data as the input data of the second hash operation, taking the data obtained by transforming the result of each hash operation as the input data of the next hash operation until n hash operations have been performed, taking the result of the nth hash operation as the first password, and outputting the first password to the password setting module;
and the second password generating unit is used for performing a first hash operation on the received password to be verified according to a second password generating instruction, converting the result of the first hash operation, taking the converted data as input data for performing the second hash operation, taking the data obtained by converting the result of each hash operation as input data for performing the next hash operation until m hash operations are performed, taking the result of the m hash operations as a second password, and outputting the second password to the password verification module.
According to the technical scheme, the invention provides a method and a system for implementing password security protection, in which a hash operation is performed a preset n times on the password set in the password setting stage to obtain a first password; in the password verification stage, the same hash algorithm is applied to the password to be verified one round at a time, after each round the hash result is compared with the first password, and when the hash result is consistent with the first password and the number of hash operations m is less than the maximum number N, the password to be verified is judged to be correct; otherwise, when the hash result is still inconsistent with the first password after N hash operations on the password to be verified, the password to be verified is judged to be wrong. With this method and system, each password supplied by a dictionary attack costs at least N hash operations before it can be judged wrong, so the time cost of verifying a large number of wrong passwords during a dictionary attack is increased, the capability of the password to resist dictionary attacks is enhanced, and the security of the password is improved.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings and examples.
The invention provides a method and a system for implementing password security protection. A hash operation is performed n times on the password that is set in the password setting stage and used for verification, so as to obtain a first password and increase the complexity of the password used for verification. In the password verification stage, the password to be verified provided by the client is hashed in the same way, with the number of rounds increasing one at a time; after each round the hash result is compared with the first password. If a hash result consistent with the first password is obtained within the preset maximum number of times N, the password to be verified is considered correct; otherwise it is determined to be wrong. The capability of the password to resist dictionary attacks is enhanced by setting the maximum number N.
FIG. 1 is a flowchart of a first embodiment of a method for implementing password security protection according to the present invention. Referring now to fig. 1, a method according to a first embodiment of the present invention is described, specifically as follows:
step 101: carrying out hash operation on the password set in the password setting stage for n times to obtain a first password;
A hash operation is performed n times on the password set in the password setting stage, according to the preset number n and that password, and the result of the nth hash operation is taken as the first password. The preset number n is less than the preset maximum number of times N, and N is a natural number. The number n may be a random number. In order to reduce the number of operations for a correct password while still resisting dictionary attacks, the distribution of n over [1, N] follows a normal distribution with mean a and variance b; a may be chosen close to the 1 end of the range, and b set according to a, so that n is with high probability much less than N while the distribution is not too concentrated at the boundaries of [1, N]. For example: N is 10^5, and the number n of hash operations required to verify the correct password follows a normal distribution over [1, N] with a mean of 5000 and a variance of 20000.
The hash operation may be a common hash algorithm, such as MD5, SHA1, SHA256, and the like, or the hash algorithm may be customized according to the security requirement, and specific contents of the hash algorithm are not described herein again.
In the password setting stage, performing the hash operation n times on the set password to obtain the first password comprises: performing a first hash operation on the password set in the password setting stage, taking the result of the first hash operation as the input data of the second hash operation, and so on until n hash operations have been performed, and taking the result of the nth hash operation as the first password.
Or the step of carrying out hash operation on the password set in the password setting stage for n times to obtain the first password comprises the following steps: and performing primary hash operation on the password set in the password setting stage, converting the result of the primary hash operation, taking the converted data as input data for performing the hash operation for the second time, taking the data obtained by converting the result of each hash operation as the input data for performing the hash operation for the next time until n times of hash operations are performed, and taking the result of the nth hash operation as the first password. The transformation method can adopt various existing data transformation methods, such as: splicing, reverse order, arithmetic computation, etc., and detailed descriptions of specific transformation methods are omitted here.
Step 102: carrying out hash operation on the password to be verified m times to obtain a second password;
in the password verification stage, the initial value of the number m is 1, m times of hash operation are carried out on the input password to be verified, and the result of the m times of hash operation is used as a second password.
The hash operation in this step is the same as the hash operation in step 101, and specifically includes: performing a first hash operation on the received password to be verified, taking the result of the first hash operation as the input data of the second hash operation, and so on until m hash operations have been performed, and taking the result of the mth hash operation as the second password. Alternatively: performing a first hash operation on the received password to be verified, transforming the result of the first hash operation, taking the transformed data as the input data of the second hash operation, taking the data obtained by transforming the result of each hash operation as the input data of the next hash operation until m hash operations have been performed, and taking the result of the mth hash operation as the second password. The transformation in this step must be consistent with the transformation in step 101; for example, if the transformation used in step 101 is reverse order, the transformation used in step 102 is also reverse order.
Step 103: judging whether the second password is consistent with the first password, if so, executing step 107, otherwise, executing step 104;
step 104: judging whether the number m is less than or equal to the preset maximum number N, if so, executing step 105, otherwise, executing step 106;
if the second password differs from the first password, it must further be judged whether the number m of hash operations performed so far is less than or equal to the preset maximum number N of hash operations.
This step is the key step in resisting dictionary attacks, since it is here that the password to be verified is actually judged to be wrong. The larger the preset maximum number N, the more operations each verification of a wrong password requires, so the verification time is longer and the resistance to dictionary attacks is stronger. At the same time, the preset maximum number N is also the upper limit on the number of hash operations needed to determine a correct password, so the resistance to dictionary attacks is greatly improved at the cost of only a bounded increase in correct-password verification time.
Step 105: increasing the number m by 1, and then executing step 102;
The number of hash operations m is increased by 1, so that in the password verification process the correctness of the password to be verified is judged more accurately through successive hash operations, and the capability of the password to resist dictionary attacks is enhanced.
Step 106: determining that the password to be verified is wrong, and then executing step 108;
The password to be verified is determined to be wrong when the number of hash operations m is greater than the preset maximum number N.
Step 107: determining that the password to be verified is correct;
and if the second password is the same as the first password, determining that the password to be verified is the correct password.
Step 108: ending.
FIG. 2 is a flowchart of a second embodiment of the method for implementing password security protection. A second embodiment of the method of the present invention will now be described with reference to fig. 2, in which:
the specific contents of steps 203 to 206 in this embodiment are the same as those of steps 102 to 105 in the first embodiment, and are not described again in this embodiment.
Step 201: carrying out hash operation on the password set in the password setting stage for n times to obtain a first password;
step 201 of this embodiment is the same as step 101 of the first embodiment, and is not described herein again.
Step 202: performing a hash operation on the data obtained by combining the number n and the first password, to obtain a third password;
The number n and the first password are combined according to a preset combination condition, and a hash operation is performed on the combined data to obtain a third password. The combination condition may be that a plurality of data are spliced sequentially into one datum, for example with the number n placed before or after the data of the first password; or the combination condition may be that one datum is obtained by an arithmetic calculation on the plurality of data.
Step 203: performing a hash operation m times on the password to be verified to obtain a second password;
step 204: judging whether the second password is consistent with the first password, if so, executing step 207, otherwise, executing step 205;
step 205: judging whether the number m is less than or equal to the preset maximum number N, if so, executing step 206, otherwise, executing step 210;
step 206: increasing the number m by 1, and then executing step 203;
step 207: performing a hash operation on the data obtained by combining the number m and the second password, to obtain a fourth password;
The number m and the second password are combined according to the preset combination condition, and a hash operation is performed on the combined data to obtain a fourth password. The combination condition is the same as that described in step 202 and is not described again here.
Performing a further hash operation on the data combined from the first password and the number n prevents the very low-probability event of a wrong password being mistakenly judged correct: even if a hash collision occurs, that is, the result of hashing a wrong password several times happens to equal the first password, the subsequent verification that includes the number m catches the misjudgment, so the possibility of a misjudgment caused by a collision of hash results is reduced.
Step 208: judging whether the fourth password is consistent with the third password, if so, executing step 209; otherwise, go to step 210;
step 209: determining that the password to be verified is correct;
according to whether the fourth password is the same as the third password or not, the misjudgment can be eliminated, and the safety is improved.
Step 210: determining that the password to be verified is wrong;
step 211: ending.
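The following is an added illustration of the second embodiment (steps 201 to 211), written for this page and not taken from the patent. It assumes SHA-256 as the hash algorithm, a splicing combination condition, reverse order as the optional transformation, and a small maximum N of 64 so that it runs quickly; the names set_password, verify, draw_n, iterated_hash and combine are the example's own.

```python
import hashlib
import random
from typing import Callable, Dict, Optional, Tuple

# Preset maximum number of times N (the patent's example uses 10^5; 64 keeps the demo fast).
N_MAX = 64

Transform = Optional[Callable[[bytes], bytes]]


def hash_once(data: bytes) -> bytes:
    """One hash operation; SHA-256 is assumed (the patent allows MD5, SHA1, SHA256 or a custom hash)."""
    return hashlib.sha256(data).digest()


def reverse_order(data: bytes) -> bytes:
    """The 'reverse order' transformation named in step 101, applied between hash rounds."""
    return data[::-1]


def iterated_hash(password: bytes, times: int, transform: Transform = None) -> bytes:
    """Hash `password` `times` times (steps 101/201). With a transform, every intermediate
    result is transformed before feeding the next round; the final result is returned as-is."""
    data = password
    for i in range(times):
        digest = hash_once(data)
        data = transform(digest) if (transform and i < times - 1) else digest
    return data


def combine(digest: bytes, times: int) -> bytes:
    """Combination condition of step 202: splice the count (as 4 big-endian bytes) before the digest."""
    return times.to_bytes(4, "big") + digest


def draw_n(n_max: int, mean: float, variance: float, rng: random.Random) -> int:
    """Draw n from a normal distribution with the given mean and variance, rejecting values
    outside the open range (1, N) required by the method (the patent's example: N=10^5,
    mean 5000, variance 20000)."""
    while True:
        n = round(rng.gauss(mean, variance ** 0.5))
        if 1 < n < n_max:
            return n


def set_password(password: bytes, n: int, transform: Transform = None) -> Dict[str, object]:
    """Password setting stage: first password = n-fold hash (step 201);
    third password = hash of (n spliced with first password) (step 202)."""
    if not 1 < n < N_MAX:
        raise ValueError("n must be a natural number greater than 1 and less than N")
    first = iterated_hash(password, n, transform)
    third = hash_once(combine(first, n))
    return {"first": first, "third": third, "N": N_MAX}


def verify(candidate: bytes, record: Dict[str, object], transform: Transform = None) -> Tuple[bool, int]:
    """Password verification stage (steps 203 to 211). Returns (correct, rounds_performed).
    The m-th round is computed incrementally from the (m-1)-th, which equals re-hashing the
    candidate m times from scratch as the patent describes."""
    first, third, n_max = record["first"], record["third"], record["N"]
    data = candidate
    for m in range(1, n_max + 1):
        second = hash_once(data)               # step 203: second password after m rounds
        if second == first:                    # step 204: matches the first password
            fourth = hash_once(combine(second, m))   # step 207: fourth password from m
            return fourth == third, m          # step 208: accept only if m also agrees with n
        data = transform(second) if transform else second   # step 206: m += 1, next round
    return False, n_max                        # step 210: still no match after N rounds


if __name__ == "__main__":
    rng = random.Random(2024)
    n = draw_n(N_MAX, mean=8, variance=9, rng=rng)
    rec = set_password(b"example passphrase", n, reverse_order)
    print("n =", n)
    print("correct password:", verify(b"example passphrase", rec, reverse_order))
    print("wrong password:  ", verify(b"guess from a wordlist", rec, reverse_order))
```

The second printed result shows the property the patent relies on: a wrong password is only rejected after all N rounds, whereas the correct one is accepted after n rounds.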
FIG. 3 is a schematic structural diagram of a system for implementing password security protection according to the present invention. Referring to fig. 3, a system for implementing password security protection according to the present invention is described as follows:
the system for realizing password security protection comprises: a password setting module 301, a password encryption module 302, and a password authentication module 303.
The password setting module 301 is connected with the password encryption module 302 and the password verification module 303, and triggers the password encryption module 302 to obtain a first password in the password setting stage; it outputs a first password generation instruction to the password encryption module 302 according to externally input trigger information for setting the first password, and saves the first password, the preset number n and the preset maximum number of times N. The first password generation instruction carries the preset number n and the password set in the password setting stage; n is a natural number less than the maximum number of times N and greater than 1. The password setting module 301 may use the received character string as the password set in the password setting stage, or may transform the received character string and use the transformed string as the password set in the password setting stage. The password set in the password setting stage is used to verify whether an input password to be verified is correct.
The password encryption module 302 is connected to the password setting module 301 and the password verification module 303, and performs hash operation on the received data by using the same hash algorithm. The password encryption module 302 performs hash operation on the received password set in the password setting stage for n times according to the first password generation instruction to obtain a first password, and outputs the first password to the password setting module 301; and according to a second password generation instruction output by the password verification module 303, performing hash operation on the received password to be verified for m times to obtain a second password, and outputting the second password to the password verification module 303.
The password verification module 303 triggers the password encryption module 302 to generate a second password in the password verification stage; it outputs a second password generation instruction to the password encryption module 302 according to externally input trigger information for verifying the second password; the second password generation instruction carries the password to be verified and the number m, which is initially 1. After receiving the second password, the password verification module 303 reads the first password and the preset maximum number of times N stored in the password setting module 301, and determines that the password to be verified is correct when the second password is judged to be consistent with the first password; when the second password is judged to be inconsistent with the first password, it further judges whether the number of hash operations m is less than or equal to the preset maximum number N, and if so, increases m by 1 and outputs a second password generation instruction carrying the password to be verified and the number m to the password encryption module 302; otherwise, it determines that the password to be verified is wrong.
In order to further reduce the possibility of misjudgment and improve both the resistance to dictionary attacks and the security, the system further comprises a password combination module 304, which is connected to the password setting module 301 and the password verification module 303.
The password setting module 301 further outputs a third password generation instruction to the password combination module 304 after generating the first password according to the externally input trigger information for setting the third password; saving the third password output by the password combination module 304; and outputs trigger information for verifying the fourth password to the password verification module 303. The third password generation instruction carries a preset number n and the first password; and verifying that the trigger information of the fourth password carries the third password.
The password verification module 303 further outputs a fourth password generation instruction to the password combination module 304 after judging that the second password is consistent with the first password according to the trigger information for verifying the fourth password; and when the fourth password is judged to be consistent with the third password according to the fourth password output by the password combination module 304 and the received third password, determining that the password to be verified is correct, otherwise, determining that the password to be verified is incorrect. And the fourth password generation instruction carries the second password and the hash operation times m.
The password combination module 304 combines the first password with the preset number n according to the third password generation instruction and the preset combination condition, performs a hash operation on the combined data to obtain a third password, and outputs the third password to the password setting module 301. The password combination module 304 also combines the second password with the number m according to the fourth password generation instruction output by the password verification module 303 and the preset combination condition, performs a hash operation on the combined data to obtain a fourth password, and outputs the fourth password to the password verification module 303.
The password encryption module 302 includes a first password generation unit 3021 and a second password generation unit 3022.
The first password generation unit 3021 performs a first hash operation on the password set in the password setting stage according to the first password generation instruction, uses a result of the first hash operation as input data for performing the hash operation for the second time until n times of hash operations are performed, uses a result obtained by the nth hash operation as the first password, and outputs the first password to the password setting module 301.
The second password generation unit 3022 performs a first hash operation on the received password to be verified according to the second password generation instruction, uses the result of the first hash operation as the input data of the second hash operation, and so on until m hash operations have been performed, uses the result of the mth hash operation as the second password, and outputs the second password to the password verification module 303.
In order to improve security, the first password generation unit 3021 and the second password generation unit 3022 may further transform the result of each hash operation, and use the transformed data as the data of the next hash operation, which is as follows:
the first password generation unit 3021 performs a first hash operation on the password set in the password setting stage according to the first password generation instruction, converts the result of the first hash operation, uses the converted data as input data for performing the hash operation for the second time, uses the data obtained by converting the result of each hash operation as input data for performing the hash operation for the next time until n hash operations are performed, uses the result of the nth hash operation as the first password, and outputs the first password to the password setting module 301.
The second password generation unit 3022 performs a first hash operation on the received password to be verified according to the second password generation instruction, transforms the result of the first hash operation, uses the transformed data as the input data of the second hash operation, uses the data obtained by transforming the result of each hash operation as the input data of the next hash operation until m hash operations have been performed, uses the result of the mth hash operation as the second password, and outputs the second password to the password verification module 303.
In the preferred embodiment of the invention, a wrong password can only be determined in the verification stage after N hash operations, whereas under normal conditions the number of hash operations needed to verify a correct password is far less than the maximum N. The verification time of a correct password is therefore far shorter than that of a wrong password, which keeps password verification efficient while greatly increasing the time cost of verifying a large number of wrong passwords during a dictionary attack, so that dictionary attacks on the password are effectively resisted. To reduce the probability that a wrong password is mistakenly judged correct because of a hash collision, after the first password is obtained, the data obtained by combining the first password with the number n is additionally used as a basis for judging whether the password to be verified is correct; the password to be verified can then be judged correct only when its hash result is the same as the first password and the numbers m and n agree, which further improves the accuracy of the verification result.
The above description is only exemplary of the present invention and should not be taken as limiting the invention, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.