To improve the security of the TOTP protocol when it is used for Web authentication, this paper improves a TOTP-based authentication design in accordance with the three principles of HOTP authentication. Within a single time window, the improved authentication system adds an authentication-attempt threshold and a timestamp to better resist brute-force and replay attacks, and adds a random number and the MD5 hash algorithm as a lightweight defence against man-in-the-middle attacks. Finally, a secure and practical Web authentication system is designed in PHP.
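The per-window attempt threshold and the replay check described in the abstract can be sketched as follows. This is an added example in Python, not the paper's PHP implementation; the `Verifier` class, the threshold of 3 and the 30-second window are assumptions, and the random-number/MD5 step is not modelled because the abstract gives no details of it.

```python
import hashlib
import hmac
import struct

STEP = 30          # seconds per TOTP time window (RFC 6238 default)
MAX_ATTEMPTS = 3   # assumed per-window authentication threshold

def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value (RFC 4226) for a time-step counter, which is how RFC 6238 defines TOTP."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Verifier:
    """Hypothetical per-user server state: attempts in the current window, last accepted window."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.window = -1         # time step the attempt counter belongs to
        self.attempts = 0        # verification attempts seen in that time step
        self.last_accepted = -1  # time step of the last successful login

    def verify(self, code: str, now: float) -> str:
        step = int(now) // STEP
        if step != self.window:            # new time window: reset the counter
            self.window, self.attempts = step, 0
        if step <= self.last_accepted:     # this window's code was already used
            return "replay"
        if self.attempts >= MAX_ATTEMPTS:  # threshold reached: no more guesses
            return "locked"
        self.attempts += 1
        expected = totp(self.secret, step).encode()
        if hmac.compare_digest(expected, code.encode()):
            self.last_accepted = step
            return "ok"
        return "bad_code"

if __name__ == "__main__":
    v = Verifier(b"12345678901234567890")  # RFC 4226 test secret (sample input)
    print(v.verify("287082", 59), v.verify("287082", 59))
```

With a threshold of 3 and six-digit codes, an attacker gets at most 3 guesses out of 1,000,000 per window, and a captured code is rejected once it has been accepted in its window.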