Showing papers on "Password strength published in 1991"

Remote password authentication with smart cards

Abstract: A remote password authentication scheme based on the Chinese remainder theorem is proposed. The scheme can verify the remote password without verification tables. In the initial phase, the password generation centre generates and assigns a password corresponding to each user. The ideas of smart cards and the identity-based signature scheme introduced by Shamir are employed in this phase. Each user possesses a smart card for later login and authentication. In the login phase, the user submits the identity and password associated with the smart card. In the authentication phase, the system verifies the remotely submitted password to check if the login request is accepted or rejected. A signature scheme and communication timestamps are provided in the authentication phase against the potential attacks of replaying a previously intercepted login request.

Method and apparatus for password protection of a computer

Abstract: A method and apparatus for password protecting a personal, laptop or single user computer. The user's password entry is compared to the value of a secondary password retained by the computer as well as the value of the user's stored primary password. The user may thus access the computer when his primary password is corrupted or forgotten by obtaining an alternate password from the computer manufacturer which matches the secondary password generated or stored by the computer. The operation of the method and the organization of the apparatus make the secondary and alternate passwords valid for a limited time, thereby preserving the overall integrity of the password protection system. The primary, secondary and alternate passwords may be encrypted for added security.

A dynamic password authentication method using a one-way function

Abstract: A new password-based authentication system CINON is proposed for use in communications and computer systems It employs a one-way function to perform the required authentication of communicating users CINON maintains its security in spite of a wiretap or the theft of a password file, and it is not necessary to replace the correspondents' public passwords CINON can be realized with only a few computations This paper evaluates the CINON system and compares it with the Lamport authentication system, an earlier system which uses a one-way data transformation In comparison with the Lamport system, CINON's execution speed is faster by a factor of perhaps several hundred to a thousand

Password management

Abstract: Problems of password selection and password management are discussed. Using a simple yet powerful model, the author describes ways to select passwords and identifies two techniques of hindering the compromise of a system by guarding the information and algorithms used to validate user passwords. It is pointed out that obtaining access to a system, or to resources on the system, is the first step in attacking the system. Penetration by obtaining, or guessing, a password is a time-honored, and extremely effective, technique for gaining such access; thus, a firm understanding of passwords, their uses, and techniques for password management are essential to the security of any computer system. >

A public-key based dynamic password scheme

Abstract: A dynamic password authentication scheme based on public-key concept is proposed. The login password is changed dynamically and users can use this scheme within a remote login environment. Since we employ the public-key concept to bind each user's password to that user's identification, we eliminate the necessity for the system to store the encrypted password file. This approach has greatly reduced the risk of cracking the password from attacking the encrypted password file. In addition, the amount of information needed to be stored in the host system is reduced. >

User password identification for data processing network access - generating multiple-parameter key from single password per user to enable access to many routines

Abstract: The data processing network contains a password identification unit. Upon entry of a password, a user is allocated a unique `key' which determines access limits to the network and may be constructed of the following parameters: a mask defining routines to which access is allowed, user network location, entry date, permitted access duration. The identification unit may also encode the `key' for added security. ADVANTAGE - Single password per user for entering several processes. Ease of central password management without affecting network routines. Password identifier and `key' generator protected from tampering. Unused passwords can be set to expire automatically.

A password authentication scheme based on discrete logarithms

Abstract: Inspired from the Diffie-Hellman key distribution system and the ElGamal's digital signature scheme, we propose a password authentication scheme in this paper. By the implementation of smart cards, a user can originate a login request without revealing his possessed password in an insecure channel. Without any verification table, our scheme can verify users' login requests easily. A timestamp is also embedded in users' login requests against the potential attacks on replaying previously intercepted login requests.