Many authentication schemes depend on secret passwords. Unfortunately, the length and randomness of user-chosen passwords remain fixed over time. In contrast, hardware improvements constantly give attackers increasing computational power. As a result, password schemes such as the traditional UNIX user-authentication system are failing with time. This paper discusses ways of building systems in which password security keeps up with hardware speeds. We formalize the properties desirable in a good password system, and show that the computational cost of any secure password scheme must increase as hardware improves. We present two algorithms with adaptable cost-eksblowfish, a block cipher with a purposefully expensive key schedule, and bcrypt, a related hash function. Failing a major breakthrough in complexity theory, these algorithms should allow password-based systems to adapt to hardware improvements and remain secure well into the future.
CITATION STYLE
Provos, N., & Mazieres, D. (1999). A future-adaptable password scheme. USENIX Annual Technical Conference, …, 1–12. Retrieved from https://www.usenix.org/legacy/event/usenix99/full_papers/provos/provos.pdf
Mendeley helps you to discover research relevant for your work.