{"title":"Server-assisted generation of a strong secret from a password","authors":"W. Ford, B. Kaliski","doi":"10.1109/ENABL.2000.883724","DOIUrl":null,"url":null,"abstract":"A roaming user, who accesses a network front different client terminals, can be supported by a credentials server that authenticates the user by password then assists in launching a secure environment for the user. However, traditional credentials server designs are vulnerable to exhaustive password guessing attack at the server. We describe a credentials server model and supporting protocol that overcomes that deficiency. The protocol provides for securely generating a strong secret from a weak secret (password), based on communications exchanges with two or more independent servers. The result can be leveraged in various ways, for example, the strong secret can be used to decrypt an encrypted private key or it can be used in strongly authenticating to an application server. The protocol has the properties that a would-be attacker cannot feasibly complete the strong secret and has only a limited opportunity to guess the password, even if he or she has access to all messages and has control over some, but not all, of the servers.","PeriodicalId":435283,"journal":{"name":"Proceedings IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 2000)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2000-06-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"207","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 2000)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ENABL.2000.883724","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 207
Abstract
A roaming user, who accesses a network front different client terminals, can be supported by a credentials server that authenticates the user by password then assists in launching a secure environment for the user. However, traditional credentials server designs are vulnerable to exhaustive password guessing attack at the server. We describe a credentials server model and supporting protocol that overcomes that deficiency. The protocol provides for securely generating a strong secret from a weak secret (password), based on communications exchanges with two or more independent servers. The result can be leveraged in various ways, for example, the strong secret can be used to decrypt an encrypted private key or it can be used in strongly authenticating to an application server. The protocol has the properties that a would-be attacker cannot feasibly complete the strong secret and has only a limited opportunity to guess the password, even if he or she has access to all messages and has control over some, but not all, of the servers.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
