Warwick Ford and Burton S. Kaliski Jr.
Citation: W. Ford and B.S. Kaliski Jr. Server-assisted generation
of a strong secret from a password. In 9th International
Workshops on Enabling Technologies (WET ICE 2000), IEEE Press, 2000.
(IEEE Online Catalog Store)
Presented by Warwick Ford at WET
ICE 2000, NIST, Gaithersburg, MD, USA, June 14-16, 2000.
Abstract: A roaming user, who accesses a network from different
client terminals, can be supported by a credentials server that authenticates
the user by password and then assists in launching a secure environment for
the user. However, traditional credentials server designs are vulnerable
to an exhaustive password-guessing attack at the server. We describe a new
credentials server model and supporting protocol that overcome that deficiency.
The protocol provides for securely generating a strong secret from a weak
secret (password), based on communications exchanges with two or more
independent servers. The result can be leveraged in various ways, for
example, the strong secret can be used to decrypt an encrypted private
key or it can be used in strongly authenticating to an application server.
The protocol has the properties that a would-be attacker cannot feasibly
compute the strong secret and has only a limited opportunity to guess
the password, even if he or she has access to all messages and has control
over some, but not all, of the servers.
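The exchange the abstract describes, as an added example that is not the paper's code (consult the paper for its actual protocol): a blinded-exponentiation instantiation of the idea. The client turns the password into a group element, blinds it with a fresh random exponent so that each server sees a value independent of the password, has each of two independent servers apply its own long-term secret exponent, unblinds the replies and hashes the results into the strong secret. The 62-bit safe-prime group, the hash-to-group mapping, the way the shares are combined, the HMAC proof step and the fixed per-account guess limit are all this example's assumptions.

```python
import hashlib
import hmac
import secrets

# Toy group: safe prime P = 2*Q + 1 with Q prime, found deterministically.
# 62 bits keeps the demo fast; a real deployment would use a 2048-bit+ MODP
# group or an elliptic curve.  (Assumption of this example, not the paper's.)
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # exact Miller-Rabin set for n < 3.3e24

def is_prime(n):
    """Miller-Rabin with the fixed base set above; exact at the sizes used here."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime_from(start):
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = safe_prime_from(1 << 61)
NBYTES = (P.bit_length() + 7) // 8
GUESS_LIMIT = 3  # unanswered hardening requests a server tolerates per account

def hash_to_group(account, password):
    """Map the weak secret to an element of the order-Q subgroup (squares mod P)."""
    h = hashlib.sha256(f"{account}:{password}".encode()).digest()
    w = pow(int.from_bytes(h, "big") % P, 2, P)
    if w in (0, 1):  # probability about 2/P; a real implementation would re-hash
        raise ValueError("degenerate group element")
    return w

class HardeningServer:
    """One of the independent servers; its exponent d never leaves it."""
    def __init__(self, name):
        self.name = name
        self.d = secrets.randbelow(Q - 1) + 1
        self.verifiers = {}    # account -> expected proof, set at enrollment
        self.outstanding = {}  # account -> hardening requests not yet proved

    def enroll(self, account, proof):
        self.verifiers[account] = proof
        self.outstanding[account] = 0

    def harden(self, account, blinded):
        # Reject anything outside the subgroup (identity / small-subgroup probes).
        if not (1 < blinded < P and pow(blinded, Q, P) == 1):
            raise ValueError("not a subgroup element")
        n = self.outstanding.get(account, 0) + 1
        if n > GUESS_LIMIT:
            raise PermissionError(f"{self.name}: account {account!r} throttled")
        self.outstanding[account] = n
        return pow(blinded, self.d, P)  # server sees only w^r, independent of the password

    def prove(self, account, proof):
        ok = hmac.compare_digest(proof, self.verifiers.get(account, b""))
        if ok:
            self.outstanding[account] = 0  # a correct password clears the counter
        return ok

def derive_strong_secret(account, password, servers):
    """Client side: blind, collect each server's contribution, unblind, combine."""
    w = hash_to_group(account, password)
    r = secrets.randbelow(Q - 1) + 1  # fresh blinding exponent per run
    r_inv = pow(r, -1, Q)             # w has order Q, so the inverse is taken mod Q
    blinded = pow(w, r, P)
    shares = [pow(s.harden(account, blinded), r_inv, P) for s in servers]  # each is w^{d_i}
    material = b"".join(x.to_bytes(NBYTES, "big") for x in shares)
    return hashlib.sha256(b"FK-strong-secret" + material).digest()

def proof_for(secret, server):
    return hmac.new(secret, server.name.encode(), hashlib.sha256).digest()

def enroll(account, password, servers):
    k = derive_strong_secret(account, password, servers)
    for s in servers:
        s.enroll(account, proof_for(k, s))
    return k

def login(account, password, servers):
    """Strong secret on success, None on a wrong password; PermissionError once
    an honest server's guess budget for the account is spent."""
    k = derive_strong_secret(account, password, servers)
    if all(s.prove(account, proof_for(k, s)) for s in servers):
        return k
    return None

def online_guess_budget(account, servers, wordlist):
    """How many wrong guesses the servers answer before one of them refuses."""
    answered = 0
    for guess in wordlist:
        try:
            login(account, guess, servers)
        except PermissionError:
            break
        answered += 1
    return answered
```

The two properties from the abstract show up directly: a compromised server learns its own exponent, the blinded values and the proofs it stores, but the strong secret also depends on the other server's exponent, so it can neither compute the secret nor test candidate passwords offline against what it holds; and because every hardening request is counted until a correct proof arrives, an honest server answers at most GUESS_LIMIT wrong guesses per account, which bounds online guessing even when the other server is hostile. A fixed lockout of this kind is itself a denial-of-service lever, so a production design would throttle over time rather than count to a hard limit, and would bind requests to an authenticated channel.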
Paper is © 2000 IEEE. Reprinted from 9th
International Workshops on Enabling Technologies (WET-ICE 2000), IEEE,
2000. This material is posted here with permission of the IEEE. Internal
or personal use of this material is permitted. However, permission to
reprint/republish this material for advertising or promotional purposes
or for creating new collective works for resale or redistribution must
be obtained from the IEEE by sending an email message to pubs-permissions@ieee.org.
By choosing to view this document, you agree to all provisions of the
copyright laws protecting it.