论文信息 - Password-Based Authentication: Preventing Dictionary Attacks

Password-Based Authentication: Preventing Dictionary Attacks

Password-based authentication is susceptible to attack if used on insecure communication channels like the Internet. Researchers have engineered several protocols to prevent attacks, but we still need formal models to analyze and aid in the effective design of acceptable password protocols geared to prevent dictionary attacks.

Mukesh Singhal | Saikat Chakrabarti | M. Singhal | S. Chakrabarti

[1] Thomas D. Wu. The Secure Remote Password Protocol , 1998, NDSS.

[2] Steven M. Bellovin,et al. Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[3] Paul C. van Oorschot,et al. Addressing Online Dictionary Attacks with Login Histories and Humans-in-the-Loop (Extended Abstract) , 2004, Financial Cryptography.

[4] Hugo Krawczyk,et al. Public-key cryptography and password protocols , 1998, CCS '98.

[5] Moni Naor,et al. Pricing via Processing or Combatting Junk Mail , 1992, CRYPTO.

[6] Mihir Bellare,et al. Authenticated Key Exchange Secure against Dictionary Attacks , 2000, EUROCRYPT.

[7] Steven M. Bellovin,et al. Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise , 1993, CCS '93.

[8] Benny Pinkas,et al. Securing passwords against dictionary attacks , 2002, CCS '02.

[9] Daniel Bleichenbacher,et al. Breaking a Cryptographic Protocol with Pseudoprimes , 2005, Public Key Cryptography.

[10] Yongge Wang,et al. Security analysis of a password-based authentication protocol proposed to IEEE 1363 , 2006, Theor. Comput. Sci..