An authentication method, which includes: a server sends a challenge to a client; the client obtains a first key performs a transformation on the first key utilizing a local hash function to obtain a third key, encrypts the first key and the challenge utilizing the third key to obtain a ciphertext, and sends the ciphertext to the server; the server decrypts the ciphertext utilizing a second key stored locally, obtains a decrypted first key and a decrypted challenge if the second key is the same as the third key, performs a transformation on the decrypted first key utilizing a local hash function to obtain a fourth key, the client passes the authentication if the decrypted challenge and the fourth key are respectively the same as the challenge sent by the server and the second key stored locally by the server.