Server-assisted generation of a strong secret from a password

W. Ford, B. Kaliski
{"title":"Server-assisted generation of a strong secret from a password","authors":"W. Ford, B. Kaliski","doi":"10.1109/ENABL.2000.883724","DOIUrl":null,"url":null,"abstract":"A roaming user, who accesses a network front different client terminals, can be supported by a credentials server that authenticates the user by password then assists in launching a secure environment for the user. However, traditional credentials server designs are vulnerable to exhaustive password guessing attack at the server. We describe a credentials server model and supporting protocol that overcomes that deficiency. The protocol provides for securely generating a strong secret from a weak secret (password), based on communications exchanges with two or more independent servers. The result can be leveraged in various ways, for example, the strong secret can be used to decrypt an encrypted private key or it can be used in strongly authenticating to an application server. The protocol has the properties that a would-be attacker cannot feasibly complete the strong secret and has only a limited opportunity to guess the password, even if he or she has access to all messages and has control over some, but not all, of the servers.","PeriodicalId":435283,"journal":{"name":"Proceedings IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 2000)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2000-06-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"207","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 2000)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ENABL.2000.883724","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 207

Abstract

A roaming user, who accesses a network front different client terminals, can be supported by a credentials server that authenticates the user by password then assists in launching a secure environment for the user. However, traditional credentials server designs are vulnerable to exhaustive password guessing attack at the server. We describe a credentials server model and supporting protocol that overcomes that deficiency. The protocol provides for securely generating a strong secret from a weak secret (password), based on communications exchanges with two or more independent servers. The result can be leveraged in various ways, for example, the strong secret can be used to decrypt an encrypted private key or it can be used in strongly authenticating to an application server. The protocol has the properties that a would-be attacker cannot feasibly complete the strong secret and has only a limited opportunity to guess the password, even if he or she has access to all messages and has control over some, but not all, of the servers.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
服务器辅助从密码生成强秘密
漫游用户通过不同的客户端终端访问网络,可以由凭据服务器支持,凭据服务器通过密码对用户进行身份验证,然后帮助为用户启动安全环境。然而,传统的凭据服务器设计容易受到服务器上的详尽密码猜测攻击。我们描述了一个凭据服务器模型和支持协议来克服这个缺陷。该协议基于与两个或多个独立服务器的通信交换,提供了从弱秘密(密码)安全地生成强秘密的方法。结果可以通过各种方式加以利用,例如,强秘密可以用于解密加密的私钥,也可以用于对应用程序服务器进行强身份验证。该协议具有这样的属性,即潜在的攻击者无法完成强秘密,并且只有有限的机会猜测密码,即使他或她可以访问所有消息并控制一些(但不是全部)服务器。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Techniques for evaluating collaboration toolkits Tapping alert protocol ETOILE - an Environment for Team, Organizational and Individual Learning in Emergencies Secure multicast software delivery Developing and evaluating collaborative engineering studios
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1