Title :
Server-assisted generation of a strong secret from a password
Author :
Ford, Warwick ; Kaliski, Burton S., Jr.
Author_Institution :
VeriSign Inc., USA
Abstract :
A roaming user, who accesses a network front different client terminals, can be supported by a credentials server that authenticates the user by password then assists in launching a secure environment for the user. However, traditional credentials server designs are vulnerable to exhaustive password guessing attack at the server. We describe a credentials server model and supporting protocol that overcomes that deficiency. The protocol provides for securely generating a strong secret from a weak secret (password), based on communications exchanges with two or more independent servers. The result can be leveraged in various ways, for example, the strong secret can be used to decrypt an encrypted private key or it can be used in strongly authenticating to an application server. The protocol has the properties that a would-be attacker cannot feasibly complete the strong secret and has only a limited opportunity to guess the password, even if he or she has access to all messages and has control over some, but not all, of the servers
Keywords :
access protocols; client-server systems; cryptography; message authentication; application server; client terminals; credentials server; encrypted private key; password guessing attack; roaming user; secure environment; strong secret; weak secret; Access protocols; Costs; Cryptography; Databases; Employment; File servers; Hardware; Laboratories; Network servers; Security;
Conference_Titel :
Enabling Technologies: Infrastructure for Collaborative Enterprises, 2000. (WET ICE 2000). Proeedings. IEEE 9th International Workshops on
Conference_Location :
Gaithersburg, MD
Print_ISBN :
0-7695-0798-0
DOI :
10.1109/ENABL.2000.883724
