Some remarks on protecting weak keys and poorly-chosen secrets from guessing attacks
- 30 December 2002
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
Authentication and key distribution protocols that utilize weak secrets (such as passwords and personal identification numbers) are traditionally susceptible to guessing attacks whereby an adversary iterates through a relatively small key space and verifies the correct guess. Such attacks can be defeated by the use of public key encryption and careful protocol construction. T. Lomas et al. (Proc. of ACM Symp. on Operating Syst. Principles, 1989) investigated this topic and developed a methodology for avoiding guessing attacks while incurring only moderate overhead. Several issues concerning the proposed solution are discussed here, and modifications that remove some of the constraints (such as synchronized time and state retention by the server) and result in simpler and more efficient protocols are suggested.Keywords
This publication has 7 references indexed in Scilit:
- Protecting poorly chosen secrets from guessing attacksIEEE Journal on Selected Areas in Communications, 1993
- A security risk of depending on synchronized clocksACM SIGOPS Operating Systems Review, 1992
- Efficient at-most-once messages based on synchronized clocksACM Transactions on Computer Systems, 1991
- Reducing risks from poorly chosen keysPublished by Association for Computing Machinery (ACM) ,1989
- Using encryption for authentication in large networks of computersCommunications of the ACM, 1978
- A method for obtaining digital signatures and public-key cryptosystemsCommunications of the ACM, 1978
- New directions in cryptographyIEEE Transactions on Information Theory, 1976