Augmented Encrypted Key Exchange: A Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise

Bellovin, Steven Michael; Merritt, Michael

The encrypted key exchange (EKE) protocol is augmented so that hosts do not store cleartext passwords. Consequently, adversaries who obtain the one-way encrypted password file may (i) successfully mimic (spoof) the host to the user, and (ii) mount dictionary attacks against the encrypted passwords, but cannot mimic the user to the host. Moreover, the important security properties of EKE are preserved—an active network attacker obtains insufficient information to mount dictionary attacks. Two ways to accomplish this are shown, one using digital signatures and one that relies on a family of commutative one-way functions.



More About This Work

Academic Units
Computer Science
Published Here
June 28, 2010


Proceedings of the 1st ACM Conference on Computer and Communications Security, Fairfax, Virginia, November 3-5, 1993 (New York: ACM Press, 1993), pp.244-250.