Passwords are one of the most common causes of system break-ins, because the low entropy of passwords makes systems vulnerable to brute-force guessing attacks (dictionary attacks). Existing Strong Password-based Authentication and Key Agreement (SPAKA) protocols protect passwords from passive (eavesdropping, offline dictionary) attacks, but not from active online dictionary attacks. This paper presents a simple scheme that strengthens password-based authentication protocols and helps prevent online dictionary attacks as well as the many-to-many attacks common to 3-pass SPAKA protocols. The proposed scheme significantly increases the computational burden on an attacker trying to launch online dictionary attacks, while imposing negligible load on legitimate clients and on the authentication server.