

About: S/KEY is a research topic. Over its lifetime, 3155 publications have been published within this topic, receiving 76356 citations.


Open access | Journal Article | DOI: 10.1145/358790.358797
Leslie Lamport
Abstract: A method of user password authentication is described which is secure even if an intruder can read the system's data, and can tamper with or eavesdrop on the communication between the user and the system. The method assumes a secure one-way encryption function and can be implemented with a microcomputer in the user's terminal.

Topics: S/KEY (67%), Password (65%), One-time password (65%)

2,740 Citations

Open access | Proceedings Article | DOI: 10.1109/RISP.1992.213269
Steven M. Bellovin, Michael Merritt
04 May 1992
Abstract: Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive notion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks.

Topics: Salt (cryptography) (71%), Zero-knowledge password proof (69%), Password strength (68%)

1,523 Citations

Proceedings Article | DOI: 10.1145/1242572.1242661
Dinei Florencio, Cormac Herley
08 May 2007
Abstract: We report the results of a large scale study of password use and password re-use habits. The study involved half a million users over a three month period. A client component on users' machines recorded a variety of password strength, usage and frequency metrics. This allows us to measure or estimate such quantities as the average number of passwords and average number of accounts each user has, how many passwords she types per day, how often passwords are shared among sites, and how often they are forgotten. We get extremely detailed data on password strength, the types and lengths of passwords chosen, and how they vary by site. The data is the first large scale study of its kind, and yields numerous other insights into the role the passwords play in users' online experience.

Topics: Cognitive password (69%), Password policy (69%), Password psychology (68%)

1,011 Citations

Open access | Proceedings Article
23 Aug 1999
Abstract: In this paper we propose and evaluate new graphical password schemes that exploit features of graphical input displays to achieve better security than text-based passwords. Graphical input devices enable the user to decouple the position of inputs from the temporal order in which those inputs occur, and we show that this decoupling can be used to generate password schemes with substantially larger (memorable) password spaces. In order to evaluate the security of one of our schemes, we devise a novel way to capture a subset of the "memorable" passwords that, we believe, is itself a contribution. In this work we are primarily motivated by devices such as personal digital assistants (PDAs) that offer graphical input capabilities via a stylus, and we describe our prototype implementation of one of our password schemes on such a PDA, namely the Palm Pilot™.

Topics: Password policy (67%), Cognitive password (65%), One-time password (64%)

857 Citations

Open access | Book Chapter | DOI: 10.1007/3-540-45539-6_12
14 May 2000
Abstract: When designing password-authenticated key exchange protocols (as opposed to key exchange protocols authenticated using cryptographically secure keys), one must not allow any information to be leaked that would allow verification of the password (a weak shared key), since an attacker who obtains this information may be able to run an off-line dictionary attack to determine the correct password. We present a new protocol called PAK which is the first Diffie-Hellman-based password-authenticated key exchange protocol to provide a formal proof of security (in the random oracle model) against both passive and active adversaries. In addition to the PAK protocol that provides mutual explicit authentication, we also show a more efficient protocol called PPK that is provably secure in the implicit-authentication model. We then extend PAK to a protocol called PAK-X, in which one side (the client) stores a plaintext version of the password, while the other side (the server) only stores a verifier for the password. We formally prove security of PAK-X, even when the server is compromised. Our formal model for password-authenticated key exchange is new, and may be of independent interest.

747 Citations

Topic's top 5 most impactful authors

Kee-Young Yoo

25 papers, 414 citations

Eun-Jun Yoon

23 papers, 453 citations

Chin-Chen Chang

18 papers, 698 citations

Min-Shiang Hwang

15 papers, 1.1K citations

Dongho Won

14 papers, 177 citations

Related Topics (5)

35K papers, 389.6K citations

82% related
Key management

9.3K papers, 159.9K citations

81% related

98.3K papers, 1.4M citations

80% related
Security service

17.3K papers, 309.2K citations

80% related
Digital signature

10.9K papers, 233.8K citations

80% related