
Salt (cryptography)

About: Salt (cryptography) is a research topic. Over its lifetime, 906 publications have been published within this topic, receiving 21720 citations. The topic is also known as: cryptographic salt.


Open access, Proceedings Article, DOI: 10.1109/RISP.1992.213269
Steven M. Bellovin, Michael Merritt
04 May 1992
Abstract: Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive notion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks.

Topics: Salt (cryptography) (71%), Zero-knowledge password proof (69%), Password strength (68%)

1,523 Citations

Proceedings Article, DOI: 10.1145/1242572.1242661
Dinei Florencio, Cormac Herley
08 May 2007
Abstract: We report the results of a large scale study of password use and password re-use habits. The study involved half a million users over a three month period. A client component on users' machines recorded a variety of password strength, usage and frequency metrics. This allows us to measure or estimate such quantities as the average number of passwords and average number of accounts each user has, how many passwords she types per day, how often passwords are shared among sites, and how often they are forgotten. We get extremely detailed data on password strength, the types and lengths of passwords chosen, and how they vary by site. The data is the first large scale study of its kind, and yields numerous other insights into the role the passwords play in users' online experience.

Topics: Cognitive password (69%), Password policy (69%), Password psychology (68%)

1,011 Citations

Journal Article, DOI: 10.1016/J.IJHCS.2005.04.010
Susan Wiedenbeck, Jim Waters, Jean-Camille Birget, Alex Brodskiy, +1 more
Abstract: Computer security depends largely on passwords to authenticate human users. However, users have difficulty remembering passwords over time if they choose a secure password, i.e. a password that is long and random. Therefore, they tend to choose short and insecure passwords. Graphical passwords, which consist of clicking on images rather than typing alphanumeric strings, may help to overcome the problem of creating secure and memorable passwords. In this paper we describe PassPoints, a new and more secure graphical password system. We report an empirical study comparing the use of PassPoints to alphanumeric passwords. Participants created and practiced either an alphanumeric or graphical password. The participants subsequently carried out three longitudinal trials to input their password over the course of 6 weeks. The results show that the graphical password users created a valid password with fewer difficulties than the alphanumeric users. However, the graphical users took longer and made more invalid password inputs than the alphanumeric users while practicing their passwords. In the longitudinal trials the two groups performed similarly on memory of their password, but the graphical group took more time to input a password.

Topics: Cognitive password (73%), Password policy (73%), Password psychology (72%)

688 Citations

Proceedings Article, DOI: 10.1145/168588.168618
Steven M. Bellovin, Michael Merritt
01 Dec 1993
Abstract: The encrypted key exchange (EKE) protocol is augmented so that hosts do not store cleartext passwords. Consequently, adversaries who obtain the one-way encrypted password file may (i) successfully mimic (spoof) the host to the user, and (ii) mount dictionary attacks against the encrypted passwords, but cannot mimic the user to the host. Moreover, the important security properties of EKE are preserved—an active network attacker obtains insufficient information to mount dictionary attacks. Two ways to accomplish this are shown, one using digital signatures and one that relies on a family of commutative one-way functions.

Topics: Encrypted key exchange (68%), Salt (cryptography) (65%), Zero-knowledge password proof (64%)

583 Citations

Open access, Proceedings Article
Thomas D. Wu
01 Jan 1998
Abstract: This paper presents a new password authentication and key-exchange protocol suitable for authenticating users and exchanging keys over an untrusted network. The new protocol resists dictionary attacks mounted by either passive or active network intruders, allowing, in principle, even weak passphrases to be used safely. It also offers perfect forward secrecy, which protects past sessions and passwords against future compromises. Finally, user passwords are stored in a form that is not plaintext-equivalent to the password itself, so an attacker who captures the password database cannot use it directly to compromise security and gain immediate access to the host. This new protocol combines techniques of zero-knowledge proofs with asymmetric key exchange protocols and offers significantly improved performance over comparably strong extended methods that resist stolen-verifier attacks such as Augmented EKE or B-SPEKE.

Topics: Secure Remote Password protocol (69%), Password policy (68%), One-time password (67%)

536 Citations

Topic's top 5 most impactful authors

Markus Jakobsson

7 papers, 423 citations

Stanislaw Jarecki

4 papers, 110 citations

Thomas Shrimpton

4 papers, 252 citations

David Pointcheval

4 papers, 787 citations

Rhonda L. Childress

4 papers, 35 citations

Network Information
Related Topics (5)

35K papers, 389.6K citations

85% related
One-time password

4.6K papers, 93.9K citations

84% related
Password strength

3.1K papers, 69.3K citations

83% related
Probabilistic encryption

6.4K papers, 208.9K citations

82% related
Authentication protocol

13.2K papers, 250.1K citations

82% related