About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Publication
SRDS 1993
Conference paper
Some remarks on protecting weak keys and poorly-chosen secrets from guessing attacks
Abstract
Authentication and key distribution protocols that utilize weak secrets (such as passwords and PINs) are traditionally susceptible to guessing attacks whereby an adversary iterates through a relatively small key space and verifies the correct guess. Such attacks can be defeated by the use of public key encryption and careful protocol construction. In their recent work, Lomas et al, investigated this topic and developed a methodology for avoiding guessing attacks while incurring only moderate overhead. In this paper we discuss several issues concerning the proposed solution and suggest modifications that remove some of the constraints (such as synchronized time and state retention by the server) and result in simpler and more efficient protocols.