Encrypted key exchange: password-based protocols secure against dictionary attacks
Citations
355 citations
Cites background from "Encrypted key exchange: password-ba..."
..., [7], [8]) have to maintain a sensitive password (or salted password) table on the server....
[...]
..., [7], [8]), the attacker A is generally assumed to be able to eavesdrop, block, alter or insert messages exchanged between the communicating parties, i....
[...]
338 citations
325 citations
324 citations
Cites methods from "Encrypted key exchange: password-ba..."
...SPAKE2 is a also variation of the password-based encrypted key exchange protocol of Bellovin and Merritt[7] and is almost exactly like SPAKE1....
[...]
...SPAKE1 is a variation of the password-based encrypted key exchange protocol of Bellovin and Merritt [7], in which we replace the encryption function Epw(.) with a simple one-time pad function....
[...]
...The seminal work in the area of password-based key exchange is the encrypted key exchange (EKE) protocol of Bellovin and Merritt [7]....
[...]
...1 Description SPAKE2 is a also variation of the password-based encrypted key exchange protocol of Bellovin and Merritt[7] and is almost exactly like SPAKE1....
[...]
...However, such protocols tend to be less efficient than those based on the EKE protocol of Bellovin and Merritt [7]....
[...]
300 citations
Cites background or methods from "Encrypted key exchange: password-ba..."
...This is an unusual protocol due to Bellovin and Merritt [15] and has the following steps:...
[...]
...An example of such is the unusual (but seemingly very effective) Encrypted Key Exchange (EKE) protocol by Bellovin and Merritt [15]....
[...]
...Protocols using passwords have been addressed by several authors [15], [54]....
[...]
References
14,980 citations
"Encrypted key exchange: password-ba..." refers background or methods in this paper
...ElGamal’s algorithm is derived from the DiffieHellman exponential key exchange protocol[2]; accordingly, we will review the latter first....
[...]
...And even this risk is minimal if B performs certain checks to guard against easily-solvable choices: that β is indeed prime, that it is large enough (and hence not susceptible to precalculation of tables), that β − 1 have at least one large prime factor (to guard against Pohlig and Hellman’s algorithm[13]), and that α is a primitive root of GF (β)....
[...]
...The use given above for asymmetric encryption — simply using it to pass a key for a symmetric encryption system — is an example of what Diffie and Hellman[2] call a public key distribution system....
[...]
...It works especially well with exponential key exchange [2]....
[...]
14,659 citations
"Encrypted key exchange: password-ba..." refers methods in this paper
...Section 2 describes the asymmetric cryptosystem variant and implementations using RSA[ 3 ] and ElGamal[4]....
[...]
...We will use RSA[ 3 ] to illustrate the difficulties....
[...]
7,514 citations
2,351 citations
1,937 citations
"Encrypted key exchange: password-ba..." refers background in this paper
...Can such a random odd number less than a known n be distinguished from a valid public key e? Assume that p and q are chosen to be of the form 2p′ + 1 and 2q′ + 1, where p′ and q′ are primes, a choice that is recommended for other reasons [9]....
[...]