An Oblivious Password Cracking Server
نویسندگان
چکیده
Building a password cracking server that preserves the privacy of the queries made to the server is a problem that has not yet been solved. Such a server could acquire practical relevance in the future: for instance, the tables used to crack the passwords could be calculated, stored and hosted in cloud-computing services, and could be queried from devices with limited computing power. In this paper we present a method to preserve the confidentiality of a password cracker—wherein the tables used to crack the passwords are stored by a third party—by combining Hellman tables and Private Information Retrieval (PIR) protocols. We provide the technical details of this method, analyze its complexity, and show the experimental results obtained with our implementation.
منابع مشابه
Oblivious PAKE: Efficient Handling of Password Trials
In this work we introduce the notion of Oblivious Password based Authenticated Key Exchange (O-PAKE) and a compiler to transform a large class of PAKE into O-PAKE protocols. O-PAKE allows a client that shares one password with a server to use a subset of passwords within one PAKE session. It succeeds if and only if one of those input passwords matches the one stored on the server side. The term...
متن کاملImpersonating the Server on Simple three Party Key Exchange Protocol
The Password-authenticated key exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. On the other hand, the protocol should resist all types of password guessing attacks, since the password is of low entropy. Recently Lu Cao proposed a simple three-party password based authenticated key exchange (S-3 PAKE) protocol and claim...
متن کاملCryptanalysis of Two ID Based Password Authentication Schemes for Multi-server Environments
Recently, Hsiang and Shih proposed a secure dynamic ID based remote user authentication scheme for multi-server environment. In this paper, we show that Hsiang and Shih's scheme is still vulnerable to off-line password guessing attacks, impersonation attacks and server spoofing attacks. And it cannot resist agai nst extracting secr et data by in tercepting th e authentication m essage. Chen , H...
متن کاملCryptanalysis of Tan's Improvement on a Password Authentication Scheme for Multi-server Environments
Smart cards have been applied on password authentication in recent years. A user can input his/her identity and password to require services from the remote server. There are various attacks through an insecure network to obtain a user’s information. Therefore, many schemes are proposed to guarantee secure communication. However, a lot of schemes are not secure. Recently, Tan proposed an improv...
متن کاملCryptanalysis of a Provably Secure Gateway-Oriented Password-Based Authenticated Key Exchange Protocol
Recently, Chien et al. proposed a gateway-oriented password-based authenticated key exchange (GPAKE) protocol, through which a client and a gateway could generate a session key for future communication with the help of an authentication server. They also demonstrated that their scheme is provably secure in a formal model. However, in this letter, we will show that Chien et al.’s protocol is vul...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- CoRR
دوره abs/1307.8186 شماره
صفحات -
تاریخ انتشار 2013