Internet Archive Scholar

Extended password key exchange protocols immune to dictionary attack

D.P. Jablon
Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (96.5 kB)
https://web.archive.org/web/20170809141755/http://www.jablon.org/jab97.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL. The file type is application/pdf.

Strong password methods verify even small passwords over a network without additional stored keys or certificates with the user, and without fear of network dictionary attack. We describe a new extension to further limit exposure to theft of a stored password-verifier, and apply it to several protocols including the Simple Password Exponential Key Exchange (SPEKE). Alice proves knowledge of a password C to Bob, who has a stored verifier S, where S=g C mod p. They perform a SPEKE exchange based
more » ... n the shared secret S to derive ephemeral shared key K 1 . Bob chooses a random X and sends g X mod p. Alice computes K 2 =g XC mod p, and proves knowledge of {K 1 ,K 2 }. Bob verifies this result to confirm that Alice knows C. Implementation issues are summarized, showing the potential for improved performance over Bellovin & Merritt's comparably strong Augmented-Encrypted Key Exchange. These methods make the password a strong independent factor in authentication, and are suitable for both Internet and intranet use.
doi:10.1109/enabl.1997.630822 dblp:conf/wetice/Jablon97 fatcat:jkqs4bagmrca5fj4vjhnthdvwu
Citation

D.P. Jablon. "Extended password key exchange protocols immune to dictionary attack." Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises 248-255