对于口令认证密钥交换协议的服务器泄漏伪装攻击,提出一个针对该攻击的两方口令认证的密钥交换协议,并分析了该协议的安全性.所提出的协议中,用户保存自己的口令明文,服务器存储用户口令明文的验证值,用户和服务器之间通过身份标识和含有口令验证值的信息来认证对方.分析表明,所提出的协议是安全的.%Password authenticated key exchange protocol for the server leaks disguised attack against the attacks , a two-party password authenticated key exchange protocol is proposed, and the security of the protocol is analyzed. The proposed protocol, the user expressly preserve their own password, the server stores user passwords in clear text authentication value, between the user and the server identity and by the value of information with password authentication to authenticate each other. Analysis showed that the proposed protocol is secure.
展开▼