一种密码强化技术分析及其实际应用

2009 Third International Conference on Emerging Security Information, Systems and Technologies Pub Date : 2009-06-18 DOI:10.1109/SECURWARE.2009.52

B. Groza

{"title":"一种密码强化技术分析及其实际应用","authors":"B. Groza","doi":"10.1109/SECURWARE.2009.52","DOIUrl":null,"url":null,"abstract":"Besides commonly used password strengthening techniques such as salting or repeated applications of a one-way function on the password, we account a less common procedure: the truncation of the output from a one-way function on the password. This technique is used in a Norwegian ATM and a similar method is part of an authentication protocol from Anderson and Lomas which makes use of collision-full hash functions. We depict a probabilistic bound on the probability of guessing the password in the Anderson-Lomas protocol and we propose some improvements on the protocol. Further, the improved protocol proves to be a good solution for a password based authentication between two devices that authenticate in the absence of a previously known secret or of a trusted third party. The protocol proves to have all the desired properties for this scenario.","PeriodicalId":382947,"journal":{"name":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Analysis of a Password Strengthening Technique and Its Practical Use\",\"authors\":\"B. Groza\",\"doi\":\"10.1109/SECURWARE.2009.52\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Besides commonly used password strengthening techniques such as salting or repeated applications of a one-way function on the password, we account a less common procedure: the truncation of the output from a one-way function on the password. This technique is used in a Norwegian ATM and a similar method is part of an authentication protocol from Anderson and Lomas which makes use of collision-full hash functions. We depict a probabilistic bound on the probability of guessing the password in the Anderson-Lomas protocol and we propose some improvements on the protocol. Further, the improved protocol proves to be a good solution for a password based authentication between two devices that authenticate in the absence of a previously known secret or of a trusted third party. The protocol proves to have all the desired properties for this scenario.\",\"PeriodicalId\":382947,\"journal\":{\"name\":\"2009 Third International Conference on Emerging Security Information, Systems and Technologies\",\"volume\":\"18 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-06-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 Third International Conference on Emerging Security Information, Systems and Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SECURWARE.2009.52\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECURWARE.2009.52","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

除了常用的密码增强技术(如在密码上加盐或重复应用单向函数)之外，我们还考虑了一种不太常见的过程:截断密码单向函数的输出。这种技术在挪威的ATM中使用，类似的方法是Anderson和Lomas的身份验证协议的一部分，该协议利用了冲突全哈希函数。我们描述了Anderson-Lomas协议中密码被猜出概率的一个概率界，并对该协议提出了一些改进。此外，改进的协议被证明是两个设备之间基于密码的身份验证的良好解决方案，这种身份验证在没有先前已知的秘密或可信第三方的情况下进行。该协议证明具有此场景所需的所有属性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Analysis of a Password Strengthening Technique and Its Practical Use

Besides commonly used password strengthening techniques such as salting or repeated applications of a one-way function on the password, we account a less common procedure: the truncation of the output from a one-way function on the password. This technique is used in a Norwegian ATM and a similar method is part of an authentication protocol from Anderson and Lomas which makes use of collision-full hash functions. We depict a probabilistic bound on the probability of guessing the password in the Anderson-Lomas protocol and we propose some improvements on the protocol. Further, the improved protocol proves to be a good solution for a password based authentication between two devices that authenticate in the absence of a previously known secret or of a trusted third party. The protocol proves to have all the desired properties for this scenario.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2009 Third International Conference on Emerging Security Information, Systems and Technologies

自引率

0.00%

发文量