We present protocols that allow a user Alice, knowing only her name and password, and not carrying a smart card, to "log in to the network" from a "generic" workstation, i.e., one that has all the necessary software installed, but none of the configuration information usually assumed to be known a priori in a security scheme, such as Alice's public and private keys, her certificate, and the public keys of one or more CAs. By "logging in", we mean the workstation retrieves this information on behalf of the user. This would be straightforward if Alice had a cryptographically strong password. We propose protocols that are secure even if Alice's password is guessable. We concentrate on the initial retrieval of Alice's private key from some server Bob on the network. We discuss various protocols for doing this that avoid off-line password guessing attacks by someone eavesdropping or impersonating Alice or Bob. We discuss auditable vs. unauditabl...
Radia J. Perlman, Charlie Kaufman