Some remarks on protecting weak keys and poorly-chosen secrets from guessing attacks

30 December 2002

conference paper
Published by Institute of Electrical and Electronics Engineers (IEEE)

p. 136-141
https://doi.org/10.1109/reldis.1993.393465

Abstract

Authentication and key distribution protocols that utilize weak secrets (such as passwords and personal identification numbers) are traditionally susceptible to guessing attacks whereby an adversary iterates through a relatively small key space and verifies the correct guess. Such attacks can be defeated by the use of public key encryption and careful protocol construction. T. Lomas et al. (Proc. of ACM Symp. on Operating Syst. Principles, 1989) investigated this topic and developed a methodology for avoiding guessing attacks while incurring only moderate overhead. Several issues concerning the proposed solution are discussed here, and modifications that remove some of the constraints (such as synchronized time and state retention by the server) and result in simpler and more efficient protocols are suggested.

Keywords

This publication has 7 references indexed in Scilit:

Protecting poorly chosen secrets from guessing attacks
IEEE Journal on Selected Areas in Communications, 1993
A security risk of depending on synchronized clocks
ACM SIGOPS Operating Systems Review, 1992
Efficient at-most-once messages based on synchronized clocks
ACM Transactions on Computer Systems, 1991
Reducing risks from poorly chosen keys
Published by Association for Computing Machinery (ACM) ,1989
Using encryption for authentication in large networks of computers
Communications of the ACM, 1978
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM, 1978
New directions in cryptography
IEEE Transactions on Information Theory, 1976

Cited by 8 articles