Academic Commons

Articles

Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks

Bellovin, Steven Michael; Merritt, Michael

Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive notion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks.

More About This Work

Academic Units
Computer Science
Published Here
June 28, 2010

Notes

Proceedings: 1992 IEEE Computer Society Symposium on Research in Security and Privacy, May 4-6, 1992, Oakland, California (Los Alamitos, Calif.: IEEE Computer Society Press, 1992), pp. 72-84.