Title :
Encrypted key exchange: password-based protocols secure against dictionary attacks
Author :
Bellovin, Steven M. ; Merritt, Michael
Author_Institution :
AT&T Bell Lab., Murray Hill, NJ, USA
Abstract :
Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive motion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks
Keywords :
authorisation; cryptography; data privacy; glossaries; message authentication; protocols; authentication; cryptographic protocols; insecure network; offline dictionary attacks; password-based protocols; public-key cryptography; secret-key cryptography; user-chosen keys; Authentication; Cryptographic protocols; Dictionaries; Protection; Public key; Public key cryptography; Random number generation; Security;
Conference_Titel :
Research in Security and Privacy, 1992. Proceedings., 1992 IEEE Computer Society Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-2825-1
DOI :
10.1109/RISP.1992.213269
