Protecting poorly chosen secrets from guessing attacks
نویسندگان
چکیده
منابع مشابه
Protecting Poorly Chosen Secrets from Guessing Attacks
In a security system that allows people to choose their own passwords those people tend to choose passwords that can be easily guessed This weakness exists in practically all widely used systems Instead of forcing users to choose well chosen secrets which are likely to be di cult to remember we propose solutions that maintain both user convenience and a high level of security at the same time T...
متن کاملSome Remarks on Protecting Weak Keys and Poorly-Chosen Secrets from Guessing Attacks
Authentication and key distribution protocols that utilize weak secrets (such as passwords and PINs) are traditionally susceptible to guessing attacks whereby an adversary iterates through a relatively small key space and veri es the correct guess. Such attacks can be defeated by the use of public key encryption and careful protocol construction. In their recent work, Lomas et al. investigated ...
متن کاملGuessing human-chosen secrets
This dissertation is the result of my own work and includes nothing which is the outcome of work done in collaboration except where specifically indicated in the text. No parts of this dissertation have been submitted for any other qualification. This dissertation does not exceed the regulation length of 60, 000 words, including tables and footnotes. To Fletcher, for teaching me the value of ha...
متن کاملProtecting Intellectual Property by Guessing Secrets
In the guessing secrets problem defined by Chung, Graham and Leighton [9], player B has to unveil a set of k > 1 secrets that player A has chosen from a pool of N secrets. To discover the secrets, player B is allowed to ask a series of boolean questions. For each question asked, A can adversarially choose one of the secrets but once he has made his choice he must answer truthfully. In this pape...
متن کاملProtecting a Multiuser Web Application against Online Password-Guessing Attacks
This white paper presents a method for protecting a Web application against online password-guessing attacks. A user logs in with three credentials: the name of the application instance, a user ID, and a password, where the instance name is a secret known only to the instance users, the user ID is a secret kwnon only to the instance administrators, and the password is a secret known only to the...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: IEEE Journal on Selected Areas in Communications
سال: 1993
ISSN: 0733-8716
DOI: 10.1109/49.223865