
SP
1997
IEEE

Number Theoretic Attacks on Secure Password Schemes

Encrypted Key Exchange (EKE) [1, 2] allows two parties sharing a password to exchange authenticated information over an insecure network by using a combination of public and secret key cryptography. EKE promises security against active attacks and dictionary attacks. Other secure protocols have been proposed based on the use of randomized confounders [4, 7]. We use some basic results from number theory to present password guessing attacks on all versions of EKE discussed in the paper [1] and we also offer countermeasures to the attacks. However, for the RSA version of EKE, we show that simple modifications are not enough to rescue the protocol. Attacks are also presented on half encrypted versions of EKE. We also show how randomized confounders cannot protect Direct Authentication Protocol and Secret Public Key Protocol versions of a secure password scheme [4] from attacks. We discuss why these attacks are possible against seemingly secure protocols and what is necessary to make secur...
Sarvar Patel
Added 26 Aug 2010
Updated 26 Aug 2010
Type Conference
Year 1997
Where SP
Authors Sarvar Patel