Optimal authentification protocols resistant to password guessing attacks
- 19 November 2002
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- No. 10636900,p. 24-29
- https://doi.org/10.1109/csfw.1995.518549
Abstract
Users are typically authenticated by their passwords. Because people are known to choose convenient passwords, which tend to be easy to guess, authentication protocols have been developed that protect user passwords from guessing attacks. These proposed protocols, however, use more messages and rounds than those protocols that are not resistant to guessing attacks. This paper gives new protocols that are resistant to guessing attacks and also optimal in both messages and rounds, thus refuting the previous belief that protection against guessing attacks makes an authentification protocol inherently more expensive.Keywords
This publication has 9 references indexed in Scilit:
- Encrypted key exchange: password-based protocols secure against dictionary attacksPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2003
- Some remarks on protecting weak keys and poorly-chosen secrets from guessing attacksPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2002
- UNIX Password Security - Ten Years LaterPublished by Springer Nature ,2001
- Protecting poorly chosen secrets from guessing attacksIEEE Journal on Selected Areas in Communications, 1993
- Augmented encrypted key exchangePublished by Association for Computing Machinery (ACM) ,1993
- Optimality of multi-domain protocolsPublished by Association for Computing Machinery (ACM) ,1993
- Lower bounds on messages and rounds for network authentication protocolsPublished by Association for Computing Machinery (ACM) ,1993
- Reducing risks from poorly chosen keysPublished by Association for Computing Machinery (ACM) ,1989
- Password securityCommunications of the ACM, 1979