Undetectable on-line password guessing attacks
- 1 October 1995
- journal article
- Published by Association for Computing Machinery (ACM) in ACM SIGOPS Operating Systems Review
- Vol. 29 (4), 77-86
- https://doi.org/10.1145/219282.219298
Abstract
Several 3-party-based authentication protocols have been proposed, which are resistant to off-line password guessing attacks. We show that they are not resistant to a new type of attack called "undetectable on-line password guessing attack". The authentication server is not able to notice this kind of attack from the clients' (attacker's) requests, because they don't include enough information about the clients (or attacker). Either freshness or authenticity of these requests is not guaranteed. Thus the authentication server responds and leaks verifiable information for an attacker to verify his guess.
This publication has 5 references indexed in Scilit:
- Some remarks on protecting weak keys and poorly-chosen secrets from guessing attacks. Published by Institute of Electrical and Electronics Engineers (IEEE), 2002
- SPX: global authentication using public key certificates. Published by Institute of Electrical and Electronics Engineers (IEEE), 2002
- Refinement and extension of encrypted key exchange. ACM SIGOPS Operating Systems Review, 1995
- Protecting poorly chosen secrets from guessing attacks. IEEE Journal on Selected Areas in Communications, 1993
- Reducing risks from poorly chosen keys. ACM SIGOPS Operating Systems Review, 1989