提供了辅助方法来避免跨站伪造攻击。
Helpers added to prevent cross-site request forgery attacks.
本文对一种自证明签名方案实施了伪造攻击。
A forgery attack is presented on the self-certified signature scheme.
这可以保证特征集与图像之间的一一映射关系,避免伪造攻击。
That can ensure the one to one mapping relationship between the feature set and the image, and avoid the counterfeit attack.
安全性分析表明该方案能够防止明文攻击、合谋攻击和伪造攻击。
The security analysis shows it can prevent plaintext attack, conspiracy attack and forging attack.
在标准模型下证明其能抵抗签名伪造攻击,且具有无条件匿名性。
It is proved to be unforgeable in the standard model, and is unconditionally anonymous.
该方案不仅能抵抗一切伪造攻击,而且具有可转换和可收回的特性。
The new scheme not only can resist all forgery attacks, but also has the properties of convertibility and retraction.
这样的漏洞使得敌手可利用伪造攻击和替换攻击对验证组进行欺骗;
These weak points can result in the adversary to cheat the verification group by forgery and substitution attack.
方案不仅能抵抗伪造攻击和满足代理签名的性质,而且具有前向安全。
The scheme not only can effectively resist the forgery attacks and satisfy all security properties of proxy signature, but also has the properties of forward security.
分析显示两个方案均能抵抗任何人(包括KGC)的伪造攻击和合谋攻击。
Analysis results show the two schemes can resist any forgery attacks and conspired attacks (including KGC).
改进的方案具有不可否认性,以及抵抗原签名人的伪造攻击和公钥替换攻击等优点。
Improved scheme has advantages of nonrepudiation, against he original signer's forgery attack and public key substitution attack etc.
利用这两个伪造攻击,任何一个原始签名人都能伪造出一个有效的代理多重数字签名。
Using these forgery attacks, anyone of original signers can produce a valid proxy multi-signature.
分析显示此两个方案均能抵抗任何(包括KGC)伪造攻击,且都满足签名者的无条件匿名性。
Analysis results show the two schemes can resist forgery attacks and conspired attacks (including KGC), and can meet with the requirements of unconditional anonymity of signers.
同时该方案能有效地抵抗重放攻击,伪造攻击,猜测和窃取攻击,扮演攻击及用户合谋攻击等。
Additionally, the proposed scheme can efficiently withstand message replaying attack, forgery attack, Masquerade attack, guessing and stolen verifier attack and collusion attack.
利用这些方案,计算机系统不仅能监测和控制口令的使用,而且可以抗击许多对口令的伪造攻击。
By using these schemes, computer system can not only supervises and controls all passwords, but also withstand all attack of forging password.
为提高可恢复双水印算法抵抗伪造攻击的能力,提出一种用于图像篡改检测和恢复的安全双水印算法。
To improve the security against the counterfeiting attack, this paper proposes a secure dual watermark scheme for image tamper detection and recovery.
为了抵抗原始签名人的伪造攻击,改进了代理签名密钥的生成过程,并对改进的方案进行了安全性分析。
To eliminate the original signers forgery attacks, a modification of the proxy key generation stage is proposed. Security analysis of the improved scheme is also presented.
对一种基于双线性对的新型门限代理签名方案进行了密码分析,发现该门限代理签名方案不能抵抗伪造攻击和公钥替换攻击。
Through the cryptanalysis of a threshold proxy signature scheme in literature, the scheme could not resist insider attacks and public-key substitute attacks.
对张劼等人提出的一类可验证的门限签名方案进行了安全性分析,发现它存在安全漏洞,容易受到合谋攻击和伪造攻击,并且不具备不可否认性。
Through the cryptanalysis of a verifiable threshold signature scheme presented by Zhang and Wen, concluded it not only exist collusion attack and forgery attack, but have no undeniability.
该文提出了一种伪造攻击方案指出张等的方案是不安全的,任一群成员在撤消中心的帮助下可以不利用自己的秘密参数对任何消息生成有效的群签名。
This paper will show that Zhang et al. 's scheme is insecure, any group member colludes with repeal center can generate a valid group signature without using his secret parameters.
但是公司请他们攻击竞争对手或发布伪造信息就是违法的。
But it's illegal for a company to ask them to attack competitors, or post fake information.
这样就可以开始向空SOAP消息体里填充伪造的消息内容了,由于签名验证无误,那攻击者定义的任何一个操作都可以被有效地执行了。
The filling of the empty SOAP body with bogus content can now begin, as any of the operations denied by the attacker can be effectively executed due to the successful signature verification.
知道了这一点,假设攻击者构造了一条IC MP回应消息,它的头中包含伪造的任意主机a的源地址,如192.168.2.2。
Knowing this, imagine that an attacker constructs an ICMP echo message containing the spoofed source address of some arbitrary Host a, such as 192.168.2.2, in its header.
这种攻击和Rails验证储存在cookie中的消息摘要有关,这个缺陷允许一个攻击者来决定伪造签名能够在什么时候通过验证。
Such an attack is related to how Rails verifies message digests in the cookie store and might allow an attacker to determine when a forged signature is partially correct.
一个是CSRF (CrossSiteRequest Forgery,跨站点伪造请求攻击),它允许攻击者绕过基于cookie的身份认证,前些天我曾在Blog上介绍过这种攻击。
CSRF (Cross Site Request Fogery) allows attackers to bypass cookie based authentication. I blogged about it a while ago.
该论文继续描述了一些攻击社会标签系统的方法,它们只需要通过建立极少的一些伪造用户来实现,伪造量只需要为系统所有用户数的0.03%。
The paper goes on to describe a few methods of attacking social tagging systems that require creating remarkably few fake accounts, as few as 0.03% of the total accounts in the system.
在现实世界中,我们通过视觉验证签名,即使如此,老练的攻击者还是可以伪造一个签名,大多数人都无法将它与原始签名区别开来。
In the real world, we validate signatures by sight, even though a skilled attacker can reliably forge a signature that most people cannot distinguish from the original.
如果攻击者可以篡改认证硬件,则可能将伪造的数字数据直接发射到设备中。
If an attacker can tamper with the authentication hardware, it might be possible to inject falsified digital data directly into the device.
当此标记与XSS攻击结合在一起时—在已归档的攻击中最常见—用户可以在不知情的情况下轻松地对其凭证执行一些操作—因此是伪造的。
When this tag is placed with an XSS attack - which are the most common of the documented attacks - users can easily do something with their credentials without knowing it - thus, the forgery.
通过要求表单提交包含有效的认证密钥,然后才能处理,可以使攻击者更难伪造其他用户提交的表单。
By requiring that a form submission contains a valid authorization key before processing, you make it much more difficult for someone to forge a form submission for another user.
当恶意客户机使用虚假的源地址来伪造一个IP报文时,TCP就会出现问题了,这会大量 TCPSYN报文攻击服务器。
The problem that can occur with TCP is when a rogue client forges an IP packet with a bogus source address, then floods a server with TCP SYN packets.
应用推荐