• DocumentCode
    923610
  • Title

    Protecting poorly chosen secrets from guessing attacks

  • Author

    Gong, Li ; Lomas, Mark A. ; Needham, Roger M. ; Saltzer, Jerome H.

  • Author_Institution
    SRI Int., Menlo Park, CA, USA
  • Volume
    11
  • Issue
    5
  • fYear
    1993
  • fDate
    6/1/1993 12:00:00 AM
  • Firstpage
    648
  • Lastpage
    656
  • Abstract
    In a security system that allows people to choose their own passwords, people tend to choose passwords that can be easily guessed. This weakness exists in practically all widely used systems. Instead of forcing users to choose secrets that are likely to be difficult for them to remember, solutions that maintain user convenience and a high level of security at the same time are proposed. The basic idea is to ensure that data available to the attacker is sufficiently unpredictable to prevent an offline verification of whether a guess is successful or not. Common forms of guessing attacks are examined, examples of cryptographic protocols that are immune to such attacks are developed, and a systematic way to examine protocols to detect vulnerabilities to such attacks is suggested.
  • Keywords
    cryptography; protocols; authentication; cryptographic protocols; guessing attacks; passwords; secrets protection; security system; Authentication; Computer science; Cryptographic protocols; Cryptography; Data security; Dictionaries; Information security; Laboratories; Operating systems; Protection
  • fLanguage
    English
  • Journal_Title
    Selected Areas in Communications, IEEE Journal on
  • Publisher
    IEEE
  • ISSN
    0733-8716
  • Type

    jour

  • DOI
    10.1109/49.223865
  • Filename
    223865