
Showing papers on "Password strength published in 2000"


Book Chapter
14 May 2000
TL;DR: The first Diffie-Hellman-based password-authenticated key exchange protocol was proposed in this article, which is provably secure in the random oracle model against both passive and active adversaries.
Abstract: When designing password-authenticated key exchange protocols (as opposed to key exchange protocols authenticated using cryptographically secure keys), one must not allow any information to be leaked that would allow verification of the password (a weak shared key), since an attacker who obtains this information may be able to run an off-line dictionary attack to determine the correct password. We present a new protocol called PAK which is the first Diffie-Hellman-based password-authenticated key exchange protocol to provide a formal proof of security (in the random oracle model) against both passive and active adversaries. In addition to the PAK protocol that provides mutual explicit authentication, we also show a more efficient protocol called PPK that is provably secure in the implicit-authentication model. We then extend PAK to a protocol called PAK-X, in which one side (the client) stores a plaintext version of the password, while the other side (the server) only stores a verifier for the password. We formally prove security of PAK-X, even when the server is compromised. Our formal model for password-authenticated key exchange is new, and may be of independent interest.

790 citations


Proceedings Article
W. Ford, Burton S. Kaliski
04 Jun 2000
TL;DR: This work describes a credentials server model and supporting protocol that overcomes the vulnerability to exhaustive password guessing attack at the server, and provides for securely generating a strong secret from a weak secret (password) based on communications exchanges with two or more independent servers.
Abstract: A roaming user, who accesses a network from different client terminals, can be supported by a credentials server that authenticates the user by password then assists in launching a secure environment for the user. However, traditional credentials server designs are vulnerable to exhaustive password guessing attack at the server. We describe a credentials server model and supporting protocol that overcomes that deficiency. The protocol provides for securely generating a strong secret from a weak secret (password), based on communications exchanges with two or more independent servers. The result can be leveraged in various ways, for example, the strong secret can be used to decrypt an encrypted private key or it can be used in strongly authenticating to an application server. The protocol has the properties that a would-be attacker cannot feasibly compute the strong secret and has only a limited opportunity to guess the password, even if he or she has access to all messages and has control over some, but not all, of the servers.

226 citations


Patent
Sten-Olov Engberg, Ake Jonsson
06 Mar 2000
TL;DR: In this article, a password setting system for a secure system includes a user token server and a communication module, where the server creates a new password by concatenating a secret passcode that is known to the user with the token.
Abstract: A password setting system for a secure system includes a user token server and a communication module. The user token server generates a random token in response to a request for a new password from a user. The server creates a new password by concatenating a secret passcode that is known to the user with the token. The server sets the password associated with the user's user ID to be the new password. The communication module transmits the token to a personal communication device, such as a mobile phone or a pager carried by the user. The user concatenates the secret passcode with the received token in order to form a valid password, which the user submits to gain access to the secure system. Accordingly, access to the system is based upon: nonsecret information known to the user, such as the user ID; secret information known to the user, such as the passcode; and information provided to the user through an object possessed by the user, such as the token.

171 citations


Patent
17 Jul 2000
TL;DR: In this paper, the authors proposed an escrow system in which a user can provide a password or other secret information for later retrieval by entering a series of information uniquely describing himself or herself.
Abstract: The invention employs a voluntary identification/definition phase performed, for example, shortly after a computer is purchased, and a secret information retrieval phase. In the definition phase, the true owner/customer defines an escrow record which provides self-identification data together with encrypted password data. The present invention prompts a user to voluntarily escrow password or other secret information for later retrieval by entering a series of information uniquely describing himself or herself. The identification indicia is combined with the secret information (such as the user's encryption password) and is then encrypted under the control of the trustee's public key. The combined information may be encrypted, for example, under a random symmetric key (such as DES) which is then encrypted under the trustee's public key. After unique identification data has been entered, the user is asked to select a password to protect the system. Thereafter, all the personal identifying data, together with the password, is encrypted with the trustee's public key and is stored, for example, in the user's computer as an escrow security record. The password is then used to encrypt all data on the user's disk. If at some point in time in the future, the user forgets the password, the retrieval phase of the applicant's invention is performed. Under such circumstances, the user contacts the trustees, e.g., the vendor or manufacturer. The trustee utilizes documentary evidence presented by the alleged legitimate user and determines whether such evidence matches with the previously encrypted escrow information stored in the escrow record created by the user. If they agree, then the trustee has confidence that the true owner is making the request, and that revealing the secret key will not betray the owner's interest.

153 citations



01 Jan 2000
TL;DR: A new protocol called AMP, which allows the Diffie-Hellman based key agreement and is actually superior to other related work in terms of efficiency and generalization features, is introduced.
Abstract: Human-memorable password authentication is not easy to provide over insecure networks due to the low entropy of the password. Such a password is typically vulnerable to dictionary attacks. A cryptographic protocol is the most promising solution to this problem. So far, numerous password authentication protocols have been proposed. Among them, A-EKE is a great landmark of verifier-based protocol and is followed by many distinguished protocols [7, 18, 34, 23, 9] such as SRP that is notable in its efficiency and SNAPI-X that is the first provable approach of those protocols [34, 23]. Verifier-based protocols allow the asymmetric model in which a client possesses a password, while a server stores its verifier. Inspired by those works, this paper introduces a new protocol called AMP in a provable manner. It is the ultimate result of the author's AMP (Authentication and key agreement via Memorable Password) research project. AMP allows the Diffie-Hellman based key agreement and is actually superior to other related work in terms of efficiency and generalization features. We give a rigorous comparison to them.

131 citations


Journal Article
TL;DR: This paper presents a secure method for protecting passwords while being transmitted over untrusted networks and introduces a new scheme that only employs a collision-resistant hash function such as SHA-1.

126 citations


Patent
Ernie Brickell, Keen Chan
29 Sep 2000
TL;DR: In this paper, a password is split into a plurality of pieces and the pieces are stored at different remote servers, which together can determine that the user has knowledge of the correct password.
Abstract: A password is split into a plurality of pieces. The pieces are stored at different remote servers. The different remote servers have the property that together they can determine that the user has knowledge of the correct password. If any subset of the servers are compromised, the compromised subset cannot convince any remaining servers that they know the password.

123 citations


Patent
Mohammad Peyravian, Nevenko Zunic
14 Apr 2000
TL;DR: A secure method for changing a password to a new password when the passwords are being transmitted over a network is presented in this article, which does not require the use of any additional public/private key pairs to protect the password exchanges.
Abstract: A secure method for changing a password to a new password when the passwords are being transmitted over a network is presented. The present invention does not require the use of any additional keys (such as symmetric keys or public/private key pairs) to protect the password exchanges. Moreover, the present solution does not require the use of any encryption algorithms (such as DES, RC4/RC5, etc.), it only requires the use of a collision-resistant hash function.

91 citations


Patent
Ernie Brickell
21 Apr 2000
TL;DR: In this paper, a private key is securely distributed to a user of a remote client computer over an insecure channel, where the user only has to remember one login name and a single associated password.
Abstract: A private key may be securely distributed to a user of a remote client computer over an insecure channel. The user's private key is transmitted to the client from a remote server in an encrypted format. A first hash of the user's password is transmitted to the remote server and is used to authenticate the user. A second hash of the user's password remains with the client computer and is used to decrypt the user's private key. The user only has to remember one login name and a single associated password. Thus, the private key can be securely distributed from the remote server to the client computer system. The distribution does not require the user to carry any special hardware devices and only requires a single password. Because the private key is not permanently stored at the client computers, even if an unauthorized user has access to the client computers, they are not likely to be able to obtain the private key. Similarly, because the remote server only has access to an encrypted version of the private key, and because the remote server does not store and has no way of uncovering the user's password, the remote server, even if broken in to, is not likely to compromise the user's private key.

84 citations


Patent
Paul Shala Henry, Hui Luo
11 Aug 2000
TL;DR: In this article, a common password method is disclosed which provides both convenience and security assurance for users who have multiple accounts protected by passwords, and a designated password for each account is generated by a hash function of the common password and some account-dependent information.
Abstract: A common password method is disclosed which provides both convenience and security assurance for users who have multiple accounts protected by passwords. According to the present invention, a user only needs to remember a common password to access any of the user's accounts. A designated password for each account is generated by a hash function of the common password and some account-dependent information. The hash value is calculated at the user's computer, and then submitted as a designated password to a server. Thus, each account is protected by the distinct designated password, and the common password is never revealed in an unauthorized manner.

Patent
17 Nov 2000
TL;DR: In this article, a password-based security program, an encrypted password, and an encryption key stored in the BIOS are used to prevent unauthorized access to a portable computer or other valuable device.
Abstract: The BIOS device or some other secure store of a portable computer or other valuable device stores a password-based security program, an encrypted password, and an encryption key. When the PC is booted, the security program executes first and prompts the user for a password, encrypts it with the stored key, and compares it with the stored password. If the passwords do not match, boot is aborted and the PC is disabled. Only if the passwords do match is boot continued and use of the PC enabled. If this security measure is advertised, theft of the PC is deterred because of the difficulty of accessing or bypassing the password and the security program in the BIOS device. The encrypted password is also registered with a remote trusted certificate authority or is stored on a local external storage device. To establish or change the password, a communication connection is established from the PC to the TCA or storage device. If a password already exists in the PC, it is compared against the password stored by the TCA or the storage device. If they match, or if a password does not yet exist, the user is prompted for a new password, which is then encrypted and stored in both the BIOS device and the TCA or storage device. The password is also available for retrieval from the TCA or storage device in case the user forgets it.

Patent
Ernie Brickell, Matthew D. Wood
29 Sep 2000
TL;DR: To protect a private cryptographic key, two values are derived that together can reconstruct the key; one value is sent to a server and deleted from the local machine, while the other value is held by the local machine.
Abstract: To protect a private cryptographic key, two values are derived. The two values together can reconstruct the key. One value is sent to a server and deleted from the local machine. The other value is held by the local machine. To use the key, the user will enter a password, which will be used to authenticate the user to the server, and retrieve the value from the server. The password is also used to unlock the value held by the local machine. The private cryptographic key is thus protected against brute force password attacks without changing the behavior of the user.

Patent
18 Dec 2000
TL;DR: In this paper, a method, instructions and system for establishing and enforcing change password policy in a single sign on environment is provided, where the target password is modified in a user selected manner to match the second single sign-on password to create a modified target password.
Abstract: A method, instructions and system is provided for establishing and enforcing change password policy in a single sign on environment. In response to receiving a change instruction identifying a first single sign-on password, the first single sign-on password is changed to create a second single sign-on password. Then a target password is retrieved. The target password is modified in a user selected manner to match the second single sign-on password to create a modified target password. The modified target password is stored. In response to a request from a user requesting access to an application, the modified target password is retrieved and the modified target password is provided to the requested application.

Patent
11 Dec 2000
TL;DR: In computer environments where passwords are used to compute retained secrets by methods such as password-based encryption, the authors describe a method that allows a fully operational system to modify the retained secrets without retaining passwords or requiring human intervention.
Abstract: In computer environments where passwords are used to compute retained secrets by methods such as password-based encryption, a need often arises to update these secrets. Retaining the password value, or the keys computed from the password, would be unwise; and requiring each password owner to type in their password would be cumbersome. The present invention describes a method that allows a fully operational system to modify the retained secrets without retaining passwords or requiring human intervention.

Patent
14 Aug 2000
TL;DR: In this article, a Diffie-Hellman type key exchange protocol is proposed, in which the Diffie-Hellman value is combined with a function of at least a password using the group operation such that the value may be extracted by the other party using the inverse group operation and knowledge of the password.
Abstract: Secure communication protocols are disclosed in which two parties generate a shared secret which may be used as a secure session key for communication between the parties. The protocols are based on Diffie-Hellman type key exchange in which a Diffie-Hellman value is combined with a function of at least a password using the group operation such that the Diffie-Hellman value may be extracted by the other party using the inverse group operation and knowledge of the password. In one embodiment, each of the parties explicitly authenticates the other party, while in another embodiment, the parties utilize implicit authentication relying on the generation of an appropriate secret session key to provide the implicit authentication. Typically, the parties will be a client computer and a server computer. In accordance with other embodiments of the invention, in order to protect against a security compromise at the server, the server is not in possession of the password, but instead is provided with, and stores, a so-called password verifier which is a function of the password and where the password itself cannot be determined from the value of the password verifier.

Book Chapter
03 Dec 2000
TL;DR: The results show that the hashing algorithm is very good at extracting almost all of the available strength from the underlying cryptographic primitive and provide good reason for confidence in the Unix construction.
Abstract: We give the first proof of security for the full Unix password hashing algorithm (rather than of a simplified variant). Our results show that it is very good at extracting almost all of the available strength from the underlying cryptographic primitive and provide good reason for confidence in the Unix construction.

Patent
18 Jan 2000
TL;DR: In this paper, the authors propose to change the way to encipher a registered user password at each time to reduce the probability that the user password is deciphered by the third party as much as possible.
Abstract: PROBLEM TO BE SOLVED: To surely prevent leakage of important information by changing the way to encipher a registered user password at each time to reduce the probability that the registered user password is deciphered by the third person as much as possible in the case that a server device preliminarily enciphers and writes the user password of a user who is permitted to use a DB card, and register it when writing a DB file in the DB card. SOLUTION: When writing the DB file in a DB card 3, a server device 1 enciphers the user password with a time variable changing at each time as the key and registers it in the DB card. A portable terminal device 2 acquires the time variable key from the card when accessing the DB card and enciphers a password inputted by an operator by this time variable key to collate the password; and when the operator is an authorized user, the device 2 permits access to the DB file in the card. COPYRIGHT: (C)2001,JPO

Patent
07 Dec 2000
TL;DR: In this article, a system and method for allowing roaming of a subscriber and password authentication in a non-LDAP region is presented, where a user signs onto a network access server which in turn connects to the regional LDAP RADIUS server.
Abstract: A system and method for allowing roaming of a subscriber and password authentication in a non-LDAP region. A user signs onto a network access server which in turn connects to the regional LDAP RADIUS server. Password authentication occurs by hashing a transmitted password and comparing it to a clear text password from an LDAP database that has been hashed in the same manner as the transmitted password. When the subscriber is in a non-LDAP region, the password proceeds through a proxy server to a regional RADIUS server which connects to a non-LDAP server. The non-LDAP server connects to an SMS database and retrieves the clear text password associated with the non-LDAP user, hashes it according to the same method as the transmitted hashed password and formats the password for comparison in the regional RADIUS server. If the hashed passwords compare, the access is permitted.

Patent
20 Mar 2000
TL;DR: In this paper, a real-time system and method for determining crackability of a password in real time was presented, which involved a server system that serves a software package, and a client system coupled to the server system.
Abstract: System and method for determining crackability of a password in real time. The system and method include and involve a server system that serves a software package, and a client system that is coupled to the server system. The client system is configured to receive the software package. The software package includes a password entry facility permitting a user to enter a password candidate string one character at a time, and a strength determination facility configured to communicate with the password entry facility and to determine the crackability of the password candidate in real time repeatedly as each character of the password candidate string is entered into the password entry facility.

01 Jan 2000
TL;DR: This document describes the Argon2 memory-hard function for password hashing and proof-of-work applications with an implementer-oriented description with test vectors to simplify adoption of Argon2 for Internet protocols.
Abstract: This document describes the Argon2 memory-hard function for password hashing and proof-of-work applications. We provide an implementer-oriented description with test vectors. The purpose is to simplify adoption of Argon2 for Internet protocols. This document is a product of the Crypto Forum Research Group (CFRG) in the IRTF.


Patent
07 Jun 2000
TL;DR: In this article, a one-time password generator was proposed that can make retrieval of an encryption key and a count on the basis of generating a one time password much more difficult.
Abstract: PROBLEM TO BE SOLVED: To provide a one-time password generator that can make retrieval of an encryption key and a count on the basis of generating a one-time password much more difficult in the case of employing the one-time password by a counter synchronous system. SOLUTION: A random number generating section 38 in the one-time password generator generates a random number that is kept within a range smaller than a count M being a permissible count range when an authentication server 4 authenticates a password. A counter 33 advances its count according to the random number generated by the random number generating section 38. A one-time password generating section 34 uses an encryption key from an encryption key storage section 32 and the count from the counter 33 for parameters to conduct encryption processing and to generate a one-time password. Then the continuity of counts on the basis of the one-time password is lost and the interval of counts is made at random.

Patent
26 May 2000
TL;DR: In this article, a dynamic password control system was proposed to provide an authentication process for a user by using a password having a dynamically changed value time-wise and not known to third persons easily.
Abstract: PROBLEM TO BE SOLVED: To provide a dynamic password control system conducting an authentication process for a user by using a password having a dynamically changed value time-wise and not known to third persons easily. SOLUTION: This dynamic password control system is provided with a stationary user terminal, an authentication server connected via a communication network, and a portable password calculating device. The stationary user terminal transmits a card ID, and the authentication server receiving the card ID calculates the dynamic password dynamically changed according to the elapsed time based on the password parameter inherent to the card ID and the elapsed time to determine the present password corresponding to the card ID. The portable password calculating device calculates the dynamic password by the same calculation logic as the authentication server to determine the present password when the elapsed time is inputted.

Patent
25 Jan 2000
TL;DR: In this paper, the authors propose an authentication system of high security capable of detecting and excluding an illegal access due to the illegal use of a transmitting and address or a password, where set information is stored in a connection device 1 and a terminal 2.
Abstract: PROBLEM TO BE SOLVED: To provide an authentication system of high security capable of detecting and excluding an illegal access due to the illegal use of a transmitting and address or a password. SOLUTION: Plural passwords (or plural password generation algorithm elements) and set information are stored in a connection device 1 and a terminal 2. The time of the device 1 is synchronized with that of the terminal 2 and a password (or password generation algorithm) is changed with the lapse of time on the basis of the set information. The terminal 2 adds the password to a frame to be transmitted and transmits the frame and the device 1 compares the password of the received frame with the password of the device 1. When both the passwords coincide with each other, the device 1 permits the communication of the terminal 2, and when the passwords are different from each other, inhibits the communication and cancels the frame.

Patent
15 Jun 2000
TL;DR: In this article, a secure channel is established so that the client computer can securely transmit a password to the server computer, and future transmissions use the password to encrypt data by the sending computer and decipher the data at the receiving computer.
Abstract: A system and method for protecting data transmitted across a private network is disclosed. A secure channel is established so that the client computer can securely transmit a password to the server computer. Once the password has been transmitted, future transmissions use the password to encrypt data by the sending computer and decipher the data at the receiving computer. In one embodiment, passwords expire after a certain amount of time and are thereafter renegotiated. In another embodiment, the password is successively modified by a counter value further preventing unauthorized persons from discovering the password used to encrypt the data. By using passwords rather than public-key encryption methods, less system resources are required to maintain data confidentiality. An information handling system securely transmitting data within a private network as well as a computer program product programmed to perform the encryption processing are further disclosed.

Patent
14 Nov 2000
TL;DR: In this paper, a load program causes a user's computer to generate an intermediate code as a function of a read time from the computer's system clock and an operating system ID.
Abstract: A load program causes a user's computer to generate an intermediate code as a function of a read time from the computer's system clock and an operating system ID. The software provider receives the intermediate code from the user and generates a password as a function of the intermediate code and a secret product ID code for the software that the user wishes to install. The load program within the user's computer uses the same mathematical algorithm to compute an internal key upon the next execution of the load program. The internal key is compared with the software supplier's password following a prompt from the load program to enter the supplier's password. The software supplier's password and the internally generated password must both agree before the load program authorizes execution of the software that the user wishes to install.

Patent
28 Apr 2000
TL;DR: In this paper, a radio communication device which performs authentication between devices by using passwords unique to the devices is provided with a password hold part 16 which holds at least a temporary password and private passwords.
Abstract: PROBLEM TO BE SOLVED: To provide a radio communication device which performs authentication by using a proper password according to the use state of an application. SOLUTION: The radio communication device which performs authentication between devices by using passwords unique to the devices is provided with a password hold part 16 which holds at least a temporary password and private passwords. A password selection determination part 18 normally selects a private password as a password for authentication and selects the temporary password as a password for authentication when the user makes a request through an event 21 from the user to follow an authenticating procedure with other stations. The password selection determination part 18 sets the private password as the password for authentication again after a connection established by the authenticating procedure using the temporary password is disconnected, and a password matching part 19 performs matching.

Patent
20 Oct 2000
TL;DR: In this paper, the problem of easily reporting a password from the manager of a server when a user is disabled in log-in since the password is forgotten is solved by reporting the password to the user based on the ID information of the user reported at the same time.
Abstract: PROBLEM TO BE SOLVED: To easily report a password from the manager of a server when a user is disabled in log-in since the password is forgotten. SOLUTION: The password inputted by the user by operating an input device is transmitted through the Internet 4 to a server 6 by a log-in request means 12. In the server 6, this password is received by a user authenticating means 20 and it is decided whether the password is matched to a registered password or not. When the password is not matched, the user is to input the password again but an authentication failure time count means 22 counts how many times it is decided that the password is not matched and when that number of times exceeds a reference number of times, electronic mail for requesting a password notice is transmitted to the manager. The manager receives this electronic mail and reports the password to the user based on the ID information of the user reported at the same time.

Patent
29 Nov 2000
TL;DR: In this article, a web based password reset tool includes means for resetting passwords for OS/2 user IDs, and the new password is displayed through an email message or using another application display area.
Abstract: A method and implementing system are provided in which a web-based password reset tool includes means for resetting passwords for OS/2 user IDs. In an illustrated example, an OS/2 environment is contacted using TCP/IP over NetBIOS (TCPBEUI). NetBIOS packets are passed through routers into the NetBIOS network. The user ID and new passwords are issued and passed to the OS/2 server to be set. After the OS/2 server sets the password, the new password will be sent back to the password reset tool for access and/or display to the user requesting the new password. The new password is displayed through an email message or using another application display area.