Encrypted key exchange: password-based protocols secure against dictionary attacks
Citations
641 citations
Cites background or methods from "Encrypted key exchange: password-ba..."
...In particular, this is the case for the KOY protocol [16] and its generalization [13], and some other schemes based on the encrypted key exchange scheme of Bellovin and Merritt [9] (e....
[...]
...Among them are the KOY protocol [16] and its generalization [13], the PAK suite [21], and several other schemes based on the encrypted key exchange scheme of Bellovin and Merritt [9] (e....
[...]
...To better understand the power of these attacks, consider the protocol in Figure 1, based on the encrypted key exchange of Bellovin and Merritt[9], in which the server simply decrypts the message it receives and re-encrypts it under the other user’s password....
[...]
635 citations
Cites background or methods from "Encrypted key exchange: password-ba..."
...A complementary method for addressing predictable passwords is the use of so-called strong password protocols (e.g., SRP [Wu 1998], EKE [Bellovin and Merritt 1992]) designed to provide protection against offline guessing attacks by avoiding verifiable text [Gong et al. 1993]....
[...]
..., SRP [Wu 1998], EKE [Bellovin and Merritt 1992]) designed to provide protection against offline guessing attacks by avoiding verifiable text [Gong et al....
[...]
624 citations
Cites background from "Encrypted key exchange: password-ba..."
...Their protocol is named encrypted key exchange (EKE) [29]....
[...]
619 citations
615 citations
Cites methods from "Encrypted key exchange: password-ba..."
...Augmented Encrypted Key Exchange: a Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise. Steven M. Bellovin (smb@research.att.com), Michael Merritt (mischu@research.att.com), AT&T Bell Laboratories. Abstract: The encrypted key exchange (EKE) protocol is…...
[...]
References
14,980 citations
"Encrypted key exchange: password-ba..." refers background or methods in this paper
...ElGamal’s algorithm is derived from the Diffie-Hellman exponential key exchange protocol[2]; accordingly, we will review the latter first....
[...]
...And even this risk is minimal if B performs certain checks to guard against easily-solvable choices: that β is indeed prime, that it is large enough (and hence not susceptible to precalculation of tables), that β − 1 have at least one large prime factor (to guard against Pohlig and Hellman’s algorithm[13]), and that α is a primitive root of GF (β)....
[...]
...The use given above for asymmetric encryption — simply using it to pass a key for a symmetric encryption system — is an example of what Diffie and Hellman[2] call a public key distribution system....
[...]
...It works especially well with exponential key exchange [2]....
[...]
14,659 citations
"Encrypted key exchange: password-ba..." refers methods in this paper
...Section 2 describes the asymmetric cryptosystem variant and implementations using RSA [3] and ElGamal [4]....
[...]
...We will use RSA [3] to illustrate the difficulties....
[...]
7,514 citations
2,351 citations
1,937 citations
"Encrypted key exchange: password-ba..." refers background in this paper
...Can such a random odd number less than a known n be distinguished from a valid public key e? Assume that p and q are chosen to be of the form 2p′ + 1 and 2q′ + 1, where p′ and q′ are primes, a choice that is recommended for other reasons [9]....
[...]