Encrypted key exchange: password-based protocols secure against dictionary attacks
Citations
11 citations
Cites methods from "Encrypted key exchange: password-ba..."
...The original EKE, [2], is essentially Diffie-Hellman with the DH terms encrypted with a symmetric key s∗ derived from the shared password s using a public, deterministic function f, s∗ = f(s):...
[...]
...SPEKE (Simple Password Exponential Key Establishment) SPEKE, [6], is essentially a D-H protocol but with the difference that the generator is not fixed and public but rather is computed as an agreed function of the shared secret s, for example: h(s) := (H(s))2 (mod p) The squaring guarantees that g lies in the appropriate subgroup assuming that we are assuming a safe prime p where p = 2q− 1 with q also prime....
[...]
...PAKE key establishment EKE (Encrypted Key Exchange) The original EKE, [2], is essentially Diffie-Hellman with the DH terms encrypted with a symmetric key s∗ derived from the shared password s using a public, deterministic function f, s∗ = f(s): A→ B : {gx}s∗ B → A : {gy}s∗ The session key is formed as K = gxy....
[...]
11 citations
Cites background from "Encrypted key exchange: password-ba..."
...Their construction follows the approach similar to [2] where a low-entropy password is used to encrypt a high-entropy string....
[...]
11 citations
11 citations
Cites background from "Encrypted key exchange: password-ba..."
...There has been some advance towards password protocols resistant to o-line dictionary attacks [10], [ 3 ], and [9]....
[...]
...Bellovin and Merritt [ 3 ] made similar protocols called Encrypted Key Exchange (EKE) for two party authentication and key exchange using passwords and still had protection against dictionary attacks....
[...]
...Some countermeasures are available [ 3 ], [11]....
[...]
11 citations
Cites background from "Encrypted key exchange: password-ba..."
...At present, they are three strong alternative password authentication systems: Onetime Passwords [2, 13], Object Passwords [16] and Virtual Passwords [14, 29]....
[...]
...Bellovin and Merrit [2], proposed a protocol for exchange of encrypted keys (EKE) and then its extension, which allows preventing the dictionary attacks and the compromise of password files....
[...]
References
14,980 citations
"Encrypted key exchange: password-ba..." refers background or methods in this paper
...ElGamal’s algorithm is derived from the DiffieHellman exponential key exchange protocol[2]; accordingly, we will review the latter first....
[...]
...And even this risk is minimal if B performs certain checks to guard against easily-solvable choices: that β is indeed prime, that it is large enough (and hence not susceptible to precalculation of tables), that β − 1 have at least one large prime factor (to guard against Pohlig and Hellman’s algorithm[13]), and that α is a primitive root of GF (β)....
[...]
...The use given above for asymmetric encryption — simply using it to pass a key for a symmetric encryption system — is an example of what Diffie and Hellman[2] call a public key distribution system....
[...]
...It works especially well with exponential key exchange [2]....
[...]
14,659 citations
"Encrypted key exchange: password-ba..." refers methods in this paper
...Section 2 describes the asymmetric cryptosystem variant and implementations using RSA[ 3 ] and ElGamal[4]....
[...]
...We will use RSA[ 3 ] to illustrate the difficulties....
[...]
7,514 citations
2,351 citations
1,937 citations
"Encrypted key exchange: password-ba..." refers background in this paper
...Can such a random odd number less than a known n be distinguished from a valid public key e? Assume that p and q are chosen to be of the form 2p′ + 1 and 2q′ + 1, where p′ and q′ are primes, a choice that is recommended for other reasons [9]....
[...]