Password-based cryptography: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 17:38, 27 November 2012 edit Chris the speller (talk \| contribs) Autopatrolled, Extended confirmed users, Pending changes reviewers 894,311 edits m →Single party methods: per WP:HYPHEN, sub-subsection 3, points 3,4,5, replaced: deliberately- → deliberately using AWB (8686) ← Previous edit		Latest revision as of 19:42, 15 October 2024 edit undo Citation bot (talk \| contribs) Bots 5,870,411 edits Altered pages. Add: authors 1-1. Removed parameters. Formatted dashes. Some additions/deletions were parameter name changes. \| Use this bot. Report bugs. \| Suggested by Headbomb \| Linked from Wikipedia:WikiProject_Academic_Journals/Journals_cited_by_Wikipedia/Sandbox \| #UCB_webform_linked 46/242
(9 intermediate revisions by 8 users not shown)
Line 1: '''Password-based cryptography''' is the study of password-based key encryption, decryption, and authorization. It generally refers to two distinct classes of methods:▼ ~~{{Unreferenced\|date=December 2009}}~~ ▲'''Password-based cryptography''' generally refers to two distinct classes of methods: Single-party methods Line 7 ⟶ 5: ==Single party methods== Some systems attempt to derive a cryptographic key directly from a password. However, such practice is generally ill-advised when there is a threat of [[brute-force attack]]. Techniques to mitigate such attack include [[passphrase]]s and iterated (deliberately slow) password-based key derivation functions such as [[PBKDF2]] (RFC 2898). ==Multi-party methods== [[Password-authenticated key agreement]] systems allow two or more parties that agree on a password (or password-related data) to derive shared keys without exposing the password or keys to network attack.<ref>{{Cite journal \|last1=Halevi \|first1=Shai \|last2=Krawczyk \|first2=Hugo \|date=August 1999 \|title=Public-key cryptography and password protocols \|url=https://dl.acm.org/doi/abs/10.1145/322510.322514 \|journal=ACM Trans. Inf. Syst. Secur. \|publisher=Association for Computing Machinery \|volume=2 \|issue=3 \|pages=230–268 \|doi=10.1145/322510.322514 \|issn=1094-9224 \|via=ACM Digital Library}}</ref> Earlier generations of [[challenge–response authentication]] systems have also been used with passwords, but these have generally been subject to eavesdropping and/or brute-force attacks on the password. ~~[[Password-authenticated key agreement]] systems allow~~ ~~two or more parties that agree on a password (or password-related data)~~ ~~to derive shared keys without exposing the password or keys to network attack.~~ ~~Earlier generations of [[challenge-response authentication]] systems~~ ~~have also been used with passwords, but these have generally~~ ~~been subject to eavesdropping and/or brute-force attacks on the password.~~ ==See also== Line 22 ⟶ 15: [[Password-authenticated key agreement]] == References == <references /> == Further reading == * https://link.springer.com/chapter/10.1007/978-3-642-32009-5_19 * https://link.springer.com/chapter/10.1007/978-3-662-46447-2_14 {{DEFAULTSORT:Password-Based Cryptography}} [[Category:Cryptography]] {{Crypto-stub}}