Password-based cryptography: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 19:13, 4 July 2005 edit DavidJablon (talk \| contribs) 102 edits No edit summary ← Previous edit		Latest revision as of 19:42, 15 October 2024 edit undo Citation bot (talk \| contribs) Bots 5,870,311 edits Altered pages. Add: authors 1-1. Removed parameters. Formatted dashes. Some additions/deletions were parameter name changes. \| Use this bot. Report bugs. \| Suggested by Headbomb \| Linked from Wikipedia:WikiProject_Academic_Journals/Journals_cited_by_Wikipedia/Sandbox \| #UCB_webform_linked 46/242
(19 intermediate revisions by 17 users not shown)
Line 1: '''Password-based cryptography''' is the study of password-based key encryption, decryption, and authorization. It generally refers to two distinct classes of methods: Single-party methods Line 5: ==Single party methods== Some systems attempt to derive a cryptographic key directly from a password. However, such practice is generally ill-advised when there is a threat of [[brute-force attack]]. Techniques to ~~(at least partially)~~ mitigate such attack include [[passphrase]]s and iterated (deliberately- slow) password-based key derivation functions such as [[PBKDF2]] (RFC 2898).▼ ▲Some systems attempt to derive a cryptographic key directly from a password. However, such practice is generally ill-advised when there is a threat of [[brute-force attack]]. Techniques to (at least partially) mitigate such attack include [[passphrase]]s and iterated (deliberately-slow) password-based key derivation functions such as PBKDF2 (RFC 2898). ==Multi-party methods== [[Password-authenticated key agreement]] systems allow two or more parties that agree on a password (or password-related data) to derive shared keys without exposing the password or keys to network attack.<ref>{{Cite journal \|last1=Halevi \|first1=Shai \|last2=Krawczyk \|first2=Hugo \|date=August 1999 \|title=Public-key cryptography and password protocols \|url=https://dl.acm.org/doi/abs/10.1145/322510.322514 \|journal=ACM Trans. Inf. Syst. Secur. \|publisher=Association for Computing Machinery \|volume=2 \|issue=3 \|pages=230–268 \|doi=10.1145/322510.322514 \|issn=1094-9224 \|via=ACM Digital Library}}</ref> Earlier generations of [[challenge–response authentication]] systems have also been used with passwords, but these have generally been subject to eavesdropping and/or brute-force attacks on the password. ~~[[Password-authenticated key agreement]] systems allow~~ ~~two or more parties that agree on a password (or password-related data)~~ ~~to derive shared keys without exposing the password or keys to network attack.~~ ~~Earlier generations of [[challenge-response authentication]] systems~~ ~~have also been used with passwords, but these have generally~~ ~~been subject to eavesdropping and/or brute-force attacks on the password.~~ ==See also== Line 21 ⟶ 14: [[Passphrase]] [[Password-authenticated key agreement]] == References == <references /> == Further reading == https://link.springer.com/chapter/10.1007/978-3-642-32009-5_19 * https://link.springer.com/chapter/10.1007/978-3-662-46447-2_14 {{DEFAULTSORT:Password-Based Cryptography}} [[Category:Cryptography]] {{Crypto-stub}}