Session-key generation using human passwords only

160Citations
Citations of this article
52Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

We present session-key generation protocols in a model where the legitimate parties share only a human-memorizable password. The security guarantee holds with respect to probabilistic polynomial-time adversaries that control the communication channel (between the parties), and may omit, insert and modify messages at their choice. Loosely speaking, the effect of such an adversary that attacks an execution of our protocol is comparable to an attack in which an adversary is only allowed to make a constant number of queries of the form "is w the password of Party A". We stress that the result holds also in case the passwords are selected at random from a small dictionary so that it is feasible (for the adversary) to scan the entire directory. We note that prior to our result, it was not clear whether or not such protocols were attainable without the use of random oracles or additional setup assumptions. © Springer-Verlag Berlin Heidelberg 2001.

Cite

CITATION STYLE

APA

Goldreich, O., & Lindell, Y. (2001). Session-key generation using human passwords only. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 2139 LNCS, pp. 408–432). Springer Verlag. https://doi.org/10.1007/3-540-44647-8_24

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free