The Community for Technology Leaders
Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises (1997)
MIT, Cambridge, MA
June 18, 1997 to June 20, 1997
ISBN: 0-8186-7967-0
pp: 0248
D.P. Jablon , Integrity Sci. Inc., USA
ABSTRACT
Abstract: Strong password methods verify even small passwords over a network without additional stored keys or certificates with the user, and without fear of network dictionary attack. We describe a new extension to further limit exposure to theft of a stored password-verifier, and apply it to several protocols including the Simple Password Exponential Key Exchange (SPEKE). Alice proves knowledge of a password C to Bob, who has a stored verifier S, where S=g/sup C/ mod p. They perform a SPEKE exchange based on the shared secret S to derive ephemeral shared key K/sub 1/. Bob chooses a random X and sends g/sup X/ mod p. Alice computes K=g/sup XC/ mod p, and proves knowledge of {K/sub 1/,K/sub 2/}. Bob verifies this result to confirm that Alice knows C. Implementation issues are summarized, showing the potential for improved performance over Bellovin and Merritt's comparably strong Augmented-Encrypted Key Exchange. These methods make the password a strong independent factor in authentication, and are suitable for both Internet and intranet use.
INDEX TERMS
Internet; extended password key exchange protocols; dictionary attack; stored password-verifier; Simple Password Exponential Key Exchange; authentication; intranet use; Internet
CITATION

D. Jablon, "Extended Password Key Exchange Protocols Immune to Dictionary Attacks," Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises(WETICE), MIT, Cambridge, MA, 1997, pp. 0248.
doi:10.1109/ENABL.1997.630822
87 ms
(Ver 3.3 (11022016))