Encrypted key exchange: password-based protocols secure against dictionary attacks
Citations
37 citations
37 citations
Cites background or methods from "Encrypted key exchange: password-ba..."
...[3℄ S. M. Bellovin and M. Merritt, Augmented en rypted key ex hange: A password-based pro-to ol se ure against di tionary atta ks and password le ompromise, Pro . of the 1st ACMConferen e on Computer and Communi ations Se urity, ACM, November 1993, pp. 244-250....
[...]
...In 1992, Bellovin and Merritt [5] showed that such paradoxical protocols did exist....
[...]
...This fosters the socalled e-residue attack as described in [5]....
[...]
...In fact, many of the proposed protocols for password-authenticated key exchange based on RSA have been shown to be insecure [5, 23, 21]; the only one that remains secure is the SNAPI protocol developed by Mackenzie, et al....
[...]
...In their original paper[2℄, Bellovin and Merritt investigated the feasibility of implementing EKE using three di erent typesof publi -key ryptographi te hniques: RSA, ElGamal, and DiÆe-Hellman key ex hange....
[...]
37 citations
Cites background from "Encrypted key exchange: password-ba..."
...First proposed by Bellovin and Merritt [4] under the name Encrypted Key Exchange (EKE), PAKE allows two parties sharing a short password to establish an authenticated secure channel across an adversarially controlled medium....
[...]
...First proposed by Bellovin and Merritt [4] under the name Encrypted Key Exchange (EKE), PAKE allows two parties sharing a short password to establish an authenticated secure channel across an adversarially controlled medium....
[...]
...[5] Steven M. Bellovin and Michael Merritt....
[...]
...[4] Steven M. Bellovin and Michael Merritt....
[...]
37 citations
37 citations
Cites background from "Encrypted key exchange: password-ba..."
...PAKE protocols can be categorized into two categories according to their security assumptions: (1) RSA based schemes [6,15,19,21], and (2) Diffie–Hellman based schemes [1,6,7]....
[...]
...Since Bellovin and Merritt proposed a Password-based Authenticated Key Exchange (PAKE) protocol secure against dictionary attacks in 1992 [6], lots of PAKE protocols have been proposed so far due to PAKE’s security and simplicity....
[...]
References
14,980 citations
"Encrypted key exchange: password-ba..." refers background or methods in this paper
...ElGamal’s algorithm is derived from the DiffieHellman exponential key exchange protocol[2]; accordingly, we will review the latter first....
[...]
...And even this risk is minimal if B performs certain checks to guard against easily-solvable choices: that β is indeed prime, that it is large enough (and hence not susceptible to precalculation of tables), that β − 1 have at least one large prime factor (to guard against Pohlig and Hellman’s algorithm[13]), and that α is a primitive root of GF (β)....
[...]
...The use given above for asymmetric encryption — simply using it to pass a key for a symmetric encryption system — is an example of what Diffie and Hellman[2] call a public key distribution system....
[...]
...It works especially well with exponential key exchange [2]....
[...]
14,659 citations
"Encrypted key exchange: password-ba..." refers methods in this paper
...Section 2 describes the asymmetric cryptosystem variant and implementations using RSA[ 3 ] and ElGamal[4]....
[...]
...We will use RSA[ 3 ] to illustrate the difficulties....
[...]
7,514 citations
2,351 citations
1,937 citations
"Encrypted key exchange: password-ba..." refers background in this paper
...Can such a random odd number less than a known n be distinguished from a valid public key e? Assume that p and q are chosen to be of the form 2p′ + 1 and 2q′ + 1, where p′ and q′ are primes, a choice that is recommended for other reasons [9]....
[...]