Sciweavers

Share
NDSS
1999
IEEE

Secure Password-Based Protocol for Downloading a Private Key

12 years 1 months ago
Secure Password-Based Protocol for Downloading a Private Key
We present protocols that allow a user Alice, knowing only her name and password, and not carrying a smart card, to "log in to the network" from a "generic" workstation, i.e., one that has all the necessary software installed, but none of the configuration information usually assumed to be known a priori in a security scheme, such as Alice's public and private keys, her certificate, and the public keys of one or more CAs. By "logging in", we mean the workstation retrieves this information on behalf of the user. This would be straightforward if Alice had a cryptographically strong password. We propose protocols that are secure even if Alice's password is guessable. We concentrate on the initial retrieval of Alice's private key from some server Bob on the network. We discuss various protocols for doing this that avoid off-line password guessing attacks by someone eavesdropping or impersonating Alice or Bob. We discuss auditable vs. unauditabl...
Radia J. Perlman, Charlie Kaufman
Added 04 Aug 2010
Updated 04 Aug 2010
Type Conference
Year 1999
Where NDSS
Authors Radia J. Perlman, Charlie Kaufman
Comments (0)
books