Title :
Some remarks on protecting weak keys and poorly-chosen secrets from guessing attacks
Author :
Tsudik, Gene ; Herreweghen, E.
Author_Institution :
IBM Zurich Res. Lab., Ruschlikon, Switzerland
Abstract :
Authentication and key distribution protocols that utilize weak secrets (such as passwords and personal identification numbers) are traditionally susceptible to guessing attacks whereby an adversary iterates through a relatively small key space and verifies the correct guess. Such attacks can be defeated by the use of public key encryption and careful protocol construction. T. Lomas et al. (Proc. of ACM Symp. on Operating Syst. Principles, 1989) investigated this topic and developed a methodology for avoiding guessing attacks while incurring only moderate overhead. Several issues concerning the proposed solution are discussed here, and modifications that remove some of the constraints (such as synchronized time and state retention by the server) and result in simpler and more efficient protocols are suggested
Keywords :
access protocols; authorisation; public key cryptography; security of data; guessing attacks; key distribution protocols; passwords; personal identification numbers; poorly-chosen secrets; protocol construction; public key encryption; state retention; synchronized time; weak secrets; Authentication; Clocks; Computer science; Cryptographic protocols; Cryptography; Laboratories; Operating systems; Pins; Protection; Public key;
Conference_Titel :
Reliable Distributed Systems, 1993. Proceedings., 12th Symposium on
Conference_Location :
Princeton, NJ
Print_ISBN :
0-8186-4310-2
DOI :
10.1109/RELDIS.1993.393465
