Dual-workfactor Encrypted Key Exchange:
Efficiently Preventing Password Chaining and Dictionary Attacks
Password-based key-server protocols are susceptible to password
chaining attacks, in which an enemy uses knowledge of a user's
current password to learn all future passwords. As a result, the
exposure of a single password effectively compromises all future
communications by that user. The same protocols also tend to be
vulnerable to dictionary attacks against user passwords.
Bellovin and Merrit[BelMer92] presented a hybrid of symmetric-
and public-key cryptography called Encrypted Key Exchange (EKE) that
cleanly solves the dictionary attack problem. This paper presents an
extension of their ideas called /dual-workfactor encrypted key
exchange/ that preserves EKE's strength against dictionary attacks but
also efficiently prevents passive password-chaining attacks.
View the full text of this paper in
ASCII (38,001 Bytes) and
POSTSCRIPT (409,925 Bytes) form.
To Become a USENIX Member, please see our