Academic Commons


Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks

Bellovin, Steven Michael; Merritt, Michael

Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive notion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks.



More About This Work

Academic Units: Computer Science
Published Here: June 28, 2010


Proceedings: 1992 IEEE Computer Society Symposium on Research in Security and Privacy, May 4-6, 1992, Oakland, California (Los Alamitos, Calif.: IEEE Computer Society Press, 1992), pp. 72-84.