RT Journal Article
JF Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
YR 1997
VO 00
SP 0248
TI Extended Password Key Exchange Protocols Immune to Dictionary Attacks
A1 D.P. Jablon,
K1 Internet; extended password key exchange protocols; dictionary attack; stored password-verifier; Simple Password Exponential Key Exchange; authentication; intranet use; Internet
AB Abstract: Strong password methods verify even small passwords over a network without additional stored keys or certificates with the user, and without fear of network dictionary attack. We describe a new extension to further limit exposure to theft of a stored password-verifier, and apply it to several protocols including the Simple Password Exponential Key Exchange (SPEKE). Alice proves knowledge of a password C to Bob, who has a stored verifier S, where S=g/sup C/ mod p. They perform a SPEKE exchange based on the shared secret S to derive ephemeral shared key K/sub 1/. Bob chooses a random X and sends g/sup X/ mod p. Alice computes K=g/sup XC/ mod p, and proves knowledge of {K/sub 1/,K/sub 2/}. Bob verifies this result to confirm that Alice knows C. Implementation issues are summarized, showing the potential for improved performance over Bellovin and Merritt's comparably strong Augmented-Encrypted Key Exchange. These methods make the password a strong independent factor in authentication, and are suitable for both Internet and intranet use.
PB IEEE Computer Society, [URL:http://www.computer.org]
LA English
DO 10.1109/ENABL.1997.630822
LK http://doi.ieeecomputersociety.org/10.1109/ENABL.1997.630822