Cryptography: Theory and Practice
Cryptography: Theory and Practice
Security proofs for an efficient password-based key exchange
Proceedings of the 10th ACM conference on Computer and communications security
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Efficient and provably secure client-to-client password-based key exchange protocol
APWeb'06 Proceedings of the 8th Asia-Pacific Web conference on Frontiers of WWW Research and Development
Hi-index | 0.00 |
Password authentication (PA) is a general and well-known technique to authenticate a user who is trying to establish a connection in distributed web services. The main idea of PA is to remove complex information from users so that they can log on servers only with a human-memorable password at anywhere. So far, many papers have been proposed to set up security requirements and improve the efficiency of PA. Most papers consider practical attacks such as password guessing, impersonation and server compromise which occur frequently in the real world. However, they missed an important and critical risk. A revealed password of a user from a server may affect other servers because most people tend to use a same password on different servers. This enables anyone who obtains a password to easily log onto other servers. In this paper, we first introduce a new notion, called “password pocket” which randomizes user’s password even if he/she types a same password on different servers. When our password pocket is used, an exposed password does not affect other servers any more. The cost of a password pocket is extremely low since it needs to store only one random number securely.