Recently, Guangyu game launched a new account protection product, the Guangyu Mibao Qiankun lock. This kind of account protection is a physical lock-style device. It can be carried on a key chain, looks like an ordinary USB flash drive, and has no buttons. Its LCD screen continuously displays a 6-digit dynamic password.
According to the official introduction, the dynamic password technology used by the Guangyu Mibao Qiankun lock is regarded as the most effective solution for protecting accounts. So how secure is the Guangyu Mibao Qiankun lock in practice?
Security of dynamic passwords
First, let's explain what a dynamic password is. A dynamic password is a one-time password that changes constantly, either with time or with the number of uses. Each password can only be used once.
From a technical perspective, dynamic passwords can be implemented in three modes: time synchronization, event synchronization, and challenge response. Challenge response is applicable to client software. In event synchronization mode, the successive dynamic passwords generated by the event-triggered encryption algorithm are predictable because time is not taken into account. In time synchronization mode, time is added as an input, so the output of the special cryptographic algorithm depends on the current time. The password is updated once every 60 seconds, and the possibility of the dynamic password being predicted is minimal.
At present, the time synchronization mode of dynamic passwords is the most widely recognized in terms of security, and it is the mode used by the Guangyu Mibao Qiankun lock.
Security Analysis of Guangyu mi Bao Qiankun lock
Time synchronization: the display terminal and the server rely on synchronized time and run the same series of operations to generate consistent dynamic passwords. Generally, the update cycle is set to 60 seconds.
In time synchronization mode, a chip in the dynamic password terminal runs the password algorithm based on the current time, and the current password is then displayed on the screen of the Qiankun lock. The authentication server uses the same algorithm to calculate the currently valid password. The password the user enters is generated by the dynamic password terminal, which is physically isolated from the computer, so no hacker Trojan can intrude into it.
Because each login requires a different password, even if a hacker intercepts a password once, it becomes invalid after its time limit expires, and a different password will be required next time. Because the password keeps changing and can be used only once, hackers cannot complete verification even if they steal a password.
However, it is worth noting that, despite the high security of the Guangyu Mibao Qiankun lock, dynamic password technology is essentially single-key encryption, so the security of the server is very important. The server-side authentication system can calculate all dynamic passwords, which poses a certain security threat. Of course, that threat only arises if hackers focus on cracking the authentication server system, so it depends on how well Guangyu protects that system. If this security guarantee is well implemented, the security threats can be ignored.
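The time synchronization scheme analyzed above, as an added example that is not code from Guangyu or from the original article: the token and the server derive the same 6-digit password from a shared key and the current 60-second step, and the server rejects a password that is replayed or has expired. The page does not state the product's actual algorithm, so HMAC-SHA1 with RFC 4226 truncation, the one-step clock drift window, and the names dynamic_password and AuthServer are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds each password stays valid (the article's update cycle)
DIGITS = 6   # length of the displayed code (assumed)

def dynamic_password(key: bytes, now: float) -> str:
    """Token side: code for the 60-second step that contains `now`."""
    counter = int(now) // STEP
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class AuthServer:
    """Server side: holds the same key and runs the same algorithm."""

    def __init__(self, key: bytes, drift_steps: int = 1):
        self.key = key
        self.drift_steps = drift_steps    # tolerated clock drift, in steps
        self.last_used_step = -1          # newest step already accepted

    def verify(self, code: str, now: float) -> bool:
        current = int(now) // STEP
        for step in range(current - self.drift_steps,
                          current + self.drift_steps + 1):
            if step <= self.last_used_step:
                continue                  # already consumed: one-time use
            expected = dynamic_password(self.key, step * STEP)
            if hmac.compare_digest(expected, code):
                self.last_used_step = step
                return True
        return False

def demo() -> dict:
    key = b"12345678901234567890"   # constructed sample key (RFC 4226 test secret)
    t = 2 * STEP + 10               # constructed time inside step 2
    server = AuthServer(key)
    code = dynamic_password(key, t)
    return {
        "code": code,
        "first_login": server.verify(code, t + 5),
        "replay_in_same_minute": server.verify(code, t + 20),
        "intercepted_code_later": AuthServer(key).verify(code, t + 3 * STEP),
        # Whoever holds the server's key can compute upcoming codes too.
        "next_code_from_server_key": dynamic_password(server.key, t + STEP),
    }

if __name__ == "__main__":
    print(demo())
```

The last entry shows why the server's key store matters: the next password is computable from the key alone, without the token.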
Summary:
In general, the security of the Guangyu Mibao Qiankun lock is much higher than that of other types of protection in the online gaming industry. However, users still need to pay attention to two points during use. First, make sure the security device itself does not fall into other people's hands. Second, once the security device is lost, report the loss immediately and switch to a new security device in time, so as to maximize the security of the account.