LOGIN AUTHENTICATION AND LOGIN PASSWORD MODIFICATION AUTHENTICATION METHODS, TERMINAL, AND SERVER

摘要

Disclosed is a login authentication method, comprising: a terminal sends a login page request to a server; the terminal receives a login page, an authentication random number, and a punching random number returned by the server; the terminal uses, after receiving a login password inputted by a user, the received login password to decrypt the authentication random number and the punching random number, and generates authentication information; the terminal sends the authentication information to the server, so that the server authenticates the received the authentication information, and permits the terminal to log in when the authentication is successful. Also disclosed are a login password modification authentication method, a terminal, and a server. According to the present invention, by using an authentication random number and a punching random number to generate authentication information, and encrypting the authentication random number and the punching random number using a login password, an attacker cannot crack the login password by means of HASH dictionary attacking, so that reveal of Web UI login passwords is effectively avoided, and the security of Web UI login is improved.