Password-based Cryptography
   HOME

TheInfoList



Click Here for Items Related To - Password-based Cryptography
OR:
Password-based Cryptography on:   [Wikipedia]   [Google]   [Amazon]

Password-based cryptography is the study of password-based key encryption, decryption, and authorization. It generally refers two distinct classes of methods: *Single-party methods *Multi-party methods


Single party methods

Some systems attempt to derive a cryptographic key directly from a password. However, such practice is generally ill-advised when there is a threat of
brute-force attack In cryptography, a brute-force attack or exhaustive key search is a cryptanalytic attack that consists of an attacker submitting many possible keys or passwords with the hope of eventually guessing correctly. This strategy can theoretically be ...
. Techniques to mitigate such attack include
passphrase A passphrase is a sequence of words or other text used to control access to a computer system, program or data. It is similar to a password in usage, but a passphrase is generally longer for added security. Passphrases are often used to control ...
s and iterated (deliberately slow) password-based key derivation functions such as
PBKDF2 In cryptography, PBKDF1 and PBKDF2 (Password-Based Key Derivation Function 1 and 2) are key derivation functions with a sliding computational cost, used to reduce vulnerability to brute-force attacks. PBKDF2 is part of RSA Laboratories' Public- ...
(RFC 2898).


Multi-party methods

Password-authenticated key agreement In cryptography, a password-authenticated key agreement (PAK) method is an interactive method for two or more parties to establish cryptographic keys based on one or more parties' knowledge of a password. An important property is that an eavesdrop ...
systems allow two or more parties that agree on a password (or password-related data) to derive shared keys without exposing the password or keys to network attack. Earlier generations of
challenge–response authentication In computer security, challenge-response authentication is a family of protocols in which one party presents a question ("challenge") and another party must provide a valid answer ("response") to be authentication, authenticated. The simplest exa ...
systems have also been used with passwords, but these have generally been subject to eavesdropping and/or brute-force attacks on the password.


See also

*
Password A password, sometimes called a passcode, is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of password-protected services t ...
*
Passphrase A passphrase is a sequence of words or other text used to control access to a computer system, program or data. It is similar to a password in usage, but a passphrase is generally longer for added security. Passphrases are often used to control ...
*
Password-authenticated key agreement In cryptography, a password-authenticated key agreement (PAK) method is an interactive method for two or more parties to establish cryptographic keys based on one or more parties' knowledge of a password. An important property is that an eavesdrop ...


References


Further reading

* https://link.springer.com/chapter/10.1007/978-3-642-32009-5_19 * https://link.springer.com/chapter/10.1007/978-3-662-46447-2_14 Cryptography {{Crypto-stub