Articles

Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks

Bellovin, Steven Michael; Merritt, Michael

Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive notion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks.

Also Published In

Title
Proceedings: 1992 IEEE Computer Society Symposium on Research in Security and Privacy, May 4-6, 1992
DOI
https://doi.org/10.1109/RISP.1992.213269

More About This Work

Academic Units
Computer Science
Published Here
June 28, 2010

Notes

Proceedings: 1992 IEEE Computer Society Symposium on Research in Security and Privacy, May 4-6, 1992, Oakland, California (Los Alamitos, Calif.: IEEE Computer Society Press, 1992), pp. 72-84.