Security '01 Abstract
PDM: A New Strong Password-Based Protocol
Radia Perlman, Sun Microsystems Laboratories, and Charlie Kaufman, Iris Associates
In this paper we present PDM (Password Derived Moduli),
a new approach to strong password-based protocols
usable either for mutual authentication or for downloading
security information such as the user’s private key.
We describe how the properties desirable for strong
password mutual authentication differ from the properties
desirable for credentials download. In particular, a
protocol used solely for credentials download can be
simpler and less expensive than one used for mutual
authentication since some properties (such as authentication
of the server) are not necessary for credentials
download. The features necessary for mutual authentication
can be easily added to a credentials download
protocol, but many of the protocols designed for mutual
authentication are not as desirable for use in credentials
download as protocols like PDM and basic EKE and
SPEKE because they are unnecessarily expensive when
used for that purpose. PDM’s performance is vastly
more expensive at the client than any of the protocols in
the literature, but it is more efficient at the server. We
claim that performance at the server, since a server must
handle a large and potentially unpredictable number of
clients, is more important than performance at the client,
assuming that client performance is “good enough”. We
describe PDM for credentials download, and then show
how to enhance it to have the properties desirable for
mutual authentication. In particular, the enhancement
we advocate for allowing PDM to avoid storing a
password-equivalent at the server is less expensive than
existing schemes, and our approach can be used as a
more efficient (at the server) variant of augmented EKE
and SPEKE than the currently published schemes. PDM
is important because it is a very different approach to the
problem than any in the literature, we believe it to be
unencumbered by patents, and because it can be a lot
less expensive at the server than existing schemes.
The Proceedings are published as a collective work, © 2001 by the USENIX Association. All Rights Reserved. Rights
to individual papers remain with the author or the author's employer.
Permission is granted for the noncommercial reproduction of the complete
work for educational or research purposes. USENIX acknowledges all
trademarks within this paper.