The password which is short and easy to remember is easily be attacked by “password guessing”, put forwards three-party exchange protocol based on password. Based on analysis of lack of three-party exchange protocol, further improve of DML-3PAKE protocol, then analyze protocol efficiency and security. The analysis result shows that although new protocol increases calculation cost in executing probability, it is safer in defense of online dictionary attack, offline dictionary attack, and inter-mediator attack.%针对计算机中较短易记的口令容易受到“口令猜测”攻击的问题,提出一种基于口令的三方密钥交换协议。在分析了已有的三方密钥交换协议不足的基础上,进一步完善DML-3PAKE协议,并从协议效率和安全性2方面进行分析。分析结果表明:新协议虽然在执行效率方面增加了计算开销,但在防御在线字典攻击、离线字典攻击、中间人攻击等方面与之前协议相比更为安全。
展开▼