Showing papers on "Password strength published in 1992"
04 May 1992
TL;DR: A combination of asymmetric (public-key) and symmetric (secret- key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.
Abstract: Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive motion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks. >
1,571 citations
Journal Article•
TL;DR: Some of the problems of current password security are outlined by demonstrating the ease by which individual accounts may be broken, and one solution to this point of system vulnerability, a proactive password checker is proposed.
Abstract: With the rapid burgeoning of national and international networks, the question of system security has become one of growing importance. High speed inter-machine communication and even higher speed computational processors have made the threats of system {open_quotes}crackers,{close_quotes} data theft, and data corruption very real. This paper outlines some of the problems of current password security by demonstrating the ease by which individual accounts may be broken. Various techniques used by crackers are outlined, and finally one solution to this point of system vulnerability, a proactive password checker, is proposed. 11 refs., 2 tabs.
453 citations
Patent•
28 Apr 1992
TL;DR: In this article, the authors proposed a login protocol that enables remote authentication of a user's password without transmitting the password over the network, but the login agent is not trusted with the user's passwords and is therefore a "semi-trusted" node.
Abstract: Apparatus for protecting the confidentiality of a user's password during a remote login authentication exchange between a user node and a directory service node of a distributed, public key cryptography system includes a specialized server application functioning as an intermediary agent for the login procedure. The login agent has responsibility for approving the user's login attempt and distributing a private key to the user. However, the login agent is not trusted with the user's password and is therefore a "semi-trusted" node. In another aspect of the invention, a login protocol enables remote authentication of the user password without transmitting the password over the network.
282 citations
Patent•
25 Sep 1992TL;DR: In this article, a CPU determines whether a password canceller is connected to a system main body prior to execution of password check processing on the basis of stored password information at the start of the system.
Abstract: A CPU determines whether a password canceller is connected to a system main body prior to execution of password check processing on the basis of stored password information at the start of the system. When the password canceller is connected to the system main body, the CPU clears the stored password information to start the system. However, when the password canceller is not connected to system main body, the CPU executes password check processing and controls the start of the system.
46 citations