DocumentCode :
923610
Title :
Protecting poorly chosen secrets from guessing attacks
Author :
Gong, Li ; Lomas, Mark A. ; Needham, Roger M. ; Saltzer, Jerome H.
Author_Institution :
SRI Int., Menlo Park, CA, USA
Volume :
11
Issue :
5
fYear :
1993
fDate :
6/1/1993 12:00:00 AM
Firstpage :
648
Lastpage :
656
Abstract :
In a security system that allows people to choose their own passwords, people tend to choose passwords that can be easily guessed. This weakness exists in practically all widely used systems. Instead of forcing users to choose secrets that are likely to be difficult for them to remember, solutions that maintain user convenience and a high level of security at the same time are proposed. The basic idea is to ensure that data available to the attacker is sufficiently unpredictable to prevent an offline verification of whether a guess is successful or not. Common forms of guessing attacks are examined, examples of cryptographic protocols that are immune to such attacks are developed, and a systematic way to examine protocols to detect vulnerabilities to such attacks is suggested.
Keywords :
cryptography; protocols; authentication; cryptographic protocols; guessing attacks; passwords; secrets protection; security system; Authentication; Computer science; Cryptographic protocols; Cryptography; Data security; Dictionaries; Information security; Laboratories; Operating systems; Protection;
fLanguage :
English
Journal_Title :
Selected Areas in Communications, IEEE Journal on
Publisher :
IEEE
ISSN :
0733-8716
Type :
jour
DOI :
10.1109/49.223865
Filename :
223865