Dual-workfactor Encrypted Key Exchange: Efficiently Preventing Password Chaining and Dictionary Attacks

Dual-workfactor Encrypted Key Exchange: Efficiently Preventing Password Chaining and Dictionary Attacks (1996)

Cached

Download Links

[www.usenix.org]

by Barry Jaspan

Citations:

13 - 0 self

BibTeX

@MISC{Jaspan96dual-workfactorencrypted,
    author = {Barry Jaspan},
    title = {Dual-workfactor Encrypted Key Exchange: Efficiently Preventing Password Chaining and Dictionary Attacks},
    year = {1996}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

Password-based key-server protocols are susceptible to password chaining attacks, in which an enemy uses knowledge of a user's current password to learn all future passwords. As a result, the exposure of a single password effectively compromises all future communications by that user. The same protocols also tend to be vulnerable to dictionary attacks against user passwords. Bellovin and Merrit[1] presented a hybrid of symmetric- and public-key cryptography called Encrypted Key Exchange (EKE) that cleanly solves the dictionary attack problem. This paper presents an extension of their ideas called dual-workfactor encrypted key exchange that preserves EKE's strength against dictionary attacks but also efficiently prevents passive password-chaining attacks.

Citations

2292	New Directions in Cryptography - Diffie, Hellman - 1976
783	Using encryption for authentication in large networks of computers - Needham, Schroeder - 1978
671	Applied Cryptography: Protocols, Algorithms, and Source Code in C - Schneier - 1996
581	Kerberos: An authentication service for open network systems - Steiner, Neuman, et al. - 1988
326	Kerberos: An authentication service for computer networks - Neuman, Ts’o - 1994
293	Encrypted key exchange: Password-based protocols secure against dictionary attacks - Bellovin, Merritt - 1992
256	An improved algorithm for computing logarithms over GF (p) and its cryptographic significance - Pohlig, Hellman - 1978
231	Authentication and Authenticated Key Exchanges - Diffie, Oorschot, et al. - 1992
109	Limitations of the Kerberos authentication system - Bellovin, Merritt - 1991
85	X.509: The Directory Authentication Framework - CCITT - 1989
69	Photuris: Session-Key Management Protocol", RFC 2522 - Karn, Simpson - 1999
51	On Diffie-Hellman key agreement with short exponents - Oorschot, Wiener - 1996
49	Reducing Risks from Poorly Chosen Keys - Lomas, Gong, et al. - 1989
44	UNIX Password Security - Ten Years Later - Feldmeier, Karn - 1990
35	RFC 1510, The Kerberos Network Authentication Service (V5) [S - Neuman - 1993
33	Odlyzko, Computation of discrete logarithms in prime fields - LaMacchia, M
30	Undetectable On-line Password Guessing Attacks - Ding, Horster - 1995
24	Observations on Reusable Password Choices - Spafford - 1992
10	Cryptographic protocol for secure communications - Bellovin, Merritt
4	Anatomy of a proactive password checker - Bishop - 1992
4	Kerberos With Clocks Adrift: History, Protocols, and Implementation", USENIX Computing Systems 9:1 - Davis, Geer, et al. - 1996
2	Public key cryptographic apparatus and method - Hellman, Merkle - 1980
2	Integrating single-use authentication mechanisms with Kerberos - Neuman, Zorn - 1995
1	working group. Standard for RSA, Diffie-Hellman, and Related Public Key Cryptography: Appendix E - P1363 - 1995