Server-assisted generation of a strong secret from a password

Proceedings IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 2000) Pub Date : 2000-06-04 DOI:10.1109/ENABL.2000.883724

W. Ford, B. Kaliski

{"title":"Server-assisted generation of a strong secret from a password","authors":"W. Ford, B. Kaliski","doi":"10.1109/ENABL.2000.883724","DOIUrl":null,"url":null,"abstract":"A roaming user, who accesses a network front different client terminals, can be supported by a credentials server that authenticates the user by password then assists in launching a secure environment for the user. However, traditional credentials server designs are vulnerable to exhaustive password guessing attack at the server. We describe a credentials server model and supporting protocol that overcomes that deficiency. The protocol provides for securely generating a strong secret from a weak secret (password), based on communications exchanges with two or more independent servers. The result can be leveraged in various ways, for example, the strong secret can be used to decrypt an encrypted private key or it can be used in strongly authenticating to an application server. The protocol has the properties that a would-be attacker cannot feasibly complete the strong secret and has only a limited opportunity to guess the password, even if he or she has access to all messages and has control over some, but not all, of the servers.","PeriodicalId":435283,"journal":{"name":"Proceedings IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 2000)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2000-06-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"207","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 2000)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ENABL.2000.883724","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 207

Abstract

A roaming user, who accesses a network front different client terminals, can be supported by a credentials server that authenticates the user by password then assists in launching a secure environment for the user. However, traditional credentials server designs are vulnerable to exhaustive password guessing attack at the server. We describe a credentials server model and supporting protocol that overcomes that deficiency. The protocol provides for securely generating a strong secret from a weak secret (password), based on communications exchanges with two or more independent servers. The result can be leveraged in various ways, for example, the strong secret can be used to decrypt an encrypted private key or it can be used in strongly authenticating to an application server. The protocol has the properties that a would-be attacker cannot feasibly complete the strong secret and has only a limited opportunity to guess the password, even if he or she has access to all messages and has control over some, but not all, of the servers.

查看原文本刊更多论文

服务器辅助从密码生成强秘密

漫游用户通过不同的客户端终端访问网络，可以由凭据服务器支持，凭据服务器通过密码对用户进行身份验证，然后帮助为用户启动安全环境。然而，传统的凭据服务器设计容易受到服务器上的详尽密码猜测攻击。我们描述了一个凭据服务器模型和支持协议来克服这个缺陷。该协议基于与两个或多个独立服务器的通信交换，提供了从弱秘密(密码)安全地生成强秘密的方法。结果可以通过各种方式加以利用，例如，强秘密可以用于解密加密的私钥，也可以用于对应用程序服务器进行强身份验证。该协议具有这样的属性，即潜在的攻击者无法完成强秘密，并且只有有限的机会猜测密码，即使他或她可以访问所有消息并控制一些(但不是全部)服务器。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 2000)

自引率

0.00%

发文量