Augmented Encrypted Key Exchange: A Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise
The encrypted key exchange (EKE) protocol is augmented so that hosts do not store cleartext passwords. Consequently, adversaries who obtain the one-way encrypted password file may (i) successfully mimic (spoof) the host to the user, and (ii) mount dictionary attacks against the encrypted passwords, but cannot mimic the user to the host. Moreover, the important security properties of EKE are preserved—an active network attacker obtains insufficient information to mount dictionary attacks. Two ways to accomplish this are shown, one using digital signatures and one that relies on a family of commutative one-way functions.
More About This Work
- Academic Units: Computer Science
- Published Here: June 28, 2010
Proceedings of the 1st ACM Conference on Computer and Communications Security, Fairfax, Virginia, November 3-5, 1993 (New York: ACM Press, 1993), pp. 244-250.