Prompted User Retrieval of Secret Entropy: The Passmaze Protocol

A prompting protocol permits users to securely retrieve secrets with greater entropy than passwords. The retrieved user secrets can have enough entropy to be used to derive cryptographic keys.
