Encrypted key exchange: password-based protocols secure against dictionary attacks
Citations
5 citations
Cites background from "Encrypted key exchange: password-ba..."
...Merritt in 1992 [ 5 ] as a protocol in which the client and server share a plaintext password and exchange encrypted information to allow them to derive a shared session key....
[...]
5 citations
Cites background or methods from "Encrypted key exchange: password-ba..."
...EKE was introduced in 1992 by Bellovin and Meritt [25]....
[...]
...For this we turned to the vast literature on Encrypted Key Exchange [25] and derivatives....
[...]
...Their first protocol is a multi-party extension of the 2-party EKE [25], and the group has a ‘star’ topology....
[...]
5 citations
5 citations
Cites background from "Encrypted key exchange: password-ba..."
...Bellowin and Merrit [4] proposed a protocol called encrypted key exchange (EKE) where a strong shared key is derived from a weak one....
[...]
5 citations
Cites background from "Encrypted key exchange: password-ba..."
...Both EKE and SPEKE have been patent encumbered which has reduced adoption....
[...]
...SPEKE [16] (1996) appears to be better but still has flaws allowing more than one guess of the password on each run [14]....
[...]
...Then Password Authenticated Key Exchange (PAKE) protocols [§4.2] such as J-PAKE [14] or SPEKE [16] can be used to generate a shared key between the device with the keys and the end-point....
[...]
...The first such scheme was EKE [4] (1992) but some flaws have been found in it [14]....
[...]
References
14,980 citations
"Encrypted key exchange: password-ba..." refers background or methods in this paper
...ElGamal’s algorithm is derived from the DiffieHellman exponential key exchange protocol[2]; accordingly, we will review the latter first....
[...]
...And even this risk is minimal if B performs certain checks to guard against easily-solvable choices: that β is indeed prime, that it is large enough (and hence not susceptible to precalculation of tables), that β − 1 have at least one large prime factor (to guard against Pohlig and Hellman’s algorithm[13]), and that α is a primitive root of GF (β)....
[...]
...The use given above for asymmetric encryption — simply using it to pass a key for a symmetric encryption system — is an example of what Diffie and Hellman[2] call a public key distribution system....
[...]
...It works especially well with exponential key exchange [2]....
[...]
14,659 citations
"Encrypted key exchange: password-ba..." refers methods in this paper
...Section 2 describes the asymmetric cryptosystem variant and implementations using RSA[ 3 ] and ElGamal[4]....
[...]
...We will use RSA[ 3 ] to illustrate the difficulties....
[...]
7,514 citations
2,351 citations
1,937 citations
"Encrypted key exchange: password-ba..." refers background in this paper
...Can such a random odd number less than a known n be distinguished from a valid public key e? Assume that p and q are chosen to be of the form 2p′ + 1 and 2q′ + 1, where p′ and q′ are primes, a choice that is recommended for other reasons [9]....
[...]