Extended password key exchange protocols immune to dictionary attack

D.P. Jablon
Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises  
Strong password methods verify even small passwords over a network without additional stored keys or certificates with the user, and without fear of network dictionary attack. We describe a new extension to further limit exposure to theft of a stored password-verifier, and apply it to several protocols including the Simple Password Exponential Key Exchange (SPEKE). Alice proves knowledge of a password $C$ to Bob, who has a stored verifier $S$, where $S = g^{C} \bmod p$. They perform a SPEKE exchange based on the shared secret $S$ to derive ephemeral shared key $K_1$. Bob chooses a random $X$ and sends $g^{X} \bmod p$. Alice computes $K_2 = g^{XC} \bmod p$, and proves knowledge of $\{K_1, K_2\}$. Bob verifies this result to confirm that Alice knows $C$. Implementation issues are summarized, showing the potential for improved performance over Bellovin & Merritt's comparably strong Augmented-Encrypted Key Exchange. These methods make the password a strong independent factor in authentication, and are suitable for both Internet and intranet use.
doi:10.1109/enabl.1997.630822 dblp:conf/wetice/Jablon97 fatcat:jkqs4bagmrca5fj4vjhnthdvwu