Open AccessAnalysing Password Protocol Security Against Off-line Dictionary Attacks
Author(s) -
Ricardo Corin,
Jeroen Doumen,
Sandro Etalle
Publication year - 2005
Publication title -
electronic notes in theoretical computer science
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.242
H-Index - 60
ISSN - 1571-0661
DOI - 10.1016/j.entcs.2004.10.007
Subject(s) - password , computer science , adversary , computer security , encryption , protocol (science) , dictionary attack , key exchange , theoretical computer science , s/key , cryptographic protocol , cryptography , one time password , zero knowledge password proof , password strength , public key cryptography , medicine , alternative medicine , pathology
We study the security of password protocols against off-line dictionary attacks. In addition to the standard adversary abilities, we also consider further cryptographic advantages given to the adversary when considering the password protocol being instantiated with particular encryption schemes. We work with the applied pi calculus of Abadi and Fournet, in which we present novel equational theories to model the (new) adversary abilities.These new abilities are crucial in the analysis of our case studies, the Encrypted Password Transmission (EPT) protocol of Halevi and Krawczyk, and the well-known Encrypted Key Exchange (EKE) of Bellovin and Merritt. In the latter, we find an attack that arises when considering the ability of distinguishing ciphertexts from random noise. We propose a modification to EKE that prevents this attack
Accelerating Research
Robert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom
Address
John Eccles HouseRobert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom