Title :
Analysis of a Password Strengthening Technique and Its Practical Use
Author_Institution :
Dept. of Automatics & Appl. Inf., Politeh. Univ. of Timisoara, Timisoara, Romania
Abstract :
Besides commonly used password strengthening techniques such as salting or repeated applications of a one-way function on the password, we consider a less common procedure: the truncation of the output from a one-way function on the password. This technique is used in a Norwegian ATM, and a similar method is part of an authentication protocol from Anderson and Lomas which makes use of collision-full hash functions. We present a probabilistic bound on the probability of guessing the password in the Anderson-Lomas protocol and we propose some improvements on the protocol. Further, the improved protocol proves to be a good solution for password-based authentication between two devices that authenticate in the absence of a previously known secret or of a trusted third party. The protocol proves to have all the desired properties for this scenario.
Keywords :
cryptographic protocols; message authentication; probability; Anderson-Lomas authentication protocol; Norwegian ATM; collision-full hash function; one-way password function; password strengthening technique; probabilistic bound; salting password; trusted third party; Application software; Authentication; Computer security; Dictionaries; Entropy; Humans; Informatics; Information analysis; Information security; Protocols; authentication; password; protocol
Conference_Title :
Emerging Security Information, Systems and Technologies, 2009. SECURWARE '09. Third International Conference on
Conference_Location :
Athens, Glyfada
Print_ISBN :
978-0-7695-3668-2
DOI :
10.1109/SECURWARE.2009.52