• DocumentCode
    3144847
  • Title

    Encrypted key exchange: password-based protocols secure against dictionary attacks

  • Author

    Bellovin, Steven M. ; Merritt, Michael

  • Author_Institution
    AT&T Bell Lab., Murray Hill, NJ, USA
  • fYear
    1992
  • fDate
    4-6 May 1992
  • Firstpage
    72
  • Lastpage
    84
  • Abstract
    Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive motion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks
  • Keywords
    authorisation; cryptography; data privacy; glossaries; message authentication; protocols; authentication; cryptographic protocols; insecure network; offline dictionary attacks; password-based protocols; public-key cryptography; secret-key cryptography; user-chosen keys; Authentication; Cryptographic protocols; Dictionaries; Protection; Public key; Public key cryptography; Random number generation; Security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Research in Security and Privacy, 1992. Proceedings., 1992 IEEE Computer Society Symposium on
  • Conference_Location
    Oakland, CA
  • Print_ISBN
    0-8186-2825-1
  • Type

    conf

  • DOI
    10.1109/RISP.1992.213269
  • Filename
    213269
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3144847