Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CRYPTO
2006
Springer
2006
Springer
Mitigating Dictionary Attacks on Password-Protected Local Storage
We address the issue of encrypting data in local storage using a key that is derived from the user's password. The typical solution in use today is to derive the key from the password using a cryptographic hash function. This solution provides relatively weak protection, since an attacker that gets hold of the encrypted data can mount an off-line dictionary attack on the user's password, thereby recovering the key and decrypting the stored data. We propose an approach for limiting off-line dictionary attacks in this setting without relying on secret storage or secure hardware. In our proposal, the process of deriving a key from the password requires the user to solve a puzzle that is presumed to be solvable only by humans (e.g, a CAPTCHA). We describe a simple protocol using this approach: many different puzzles are stored on the disk, the user's password is used to specify which of them need to be solved, and the encryption key is derived from the password and the solu...
Real-time TrafficCRYPTO 2006 | Cryptographic Hash Function | Cryptology | Off-line Dictionary Attacks | User's Password |
| Added | 20 Aug 2010 |
| Updated | 20 Aug 2010 |
| Type | Conference |
| Year | 2006 |
| Where | CRYPTO |
| Authors | Ran Canetti, Shai Halevi, Michael Steiner |
Comments (0)
Researcher Info
|
