Sciweavers

NDSS
1998
IEEE

The Secure Remote Password Protocol

14 years 4 months ago
The Secure Remote Password Protocol
This paper presents a new password authentication and key-exchange protocol suitable for authenticating users and exchanging keys over an untrusted network. The new protocol resists dictionary attacks mounted by either passive or active network intruders, allowing, in principle, even weak passphrases to be used safely. It also o ers perfect forward secrecy, which protects past sessions and passwords against future compromises. Finally, user passwords are stored in a form that is not plaintext-equivalent to the password itself, so an attacker who captures the password database cannot use it directly to compromise security and gain immediate access to the host. This new protocol combines techniques of zero-knowledge proofs with asymmetric key exchange protocols and o ers signi cantly improved performance over comparably strong extended methods that resist stolen-veri er attacks such as Augmented EKE or B-SPEKE.
Thomas D. Wu
Added 05 Aug 2010
Updated 05 Aug 2010
Type Conference
Year 1998
Where NDSS
Authors Thomas D. Wu
Comments (0)