Abstract | ||
---|---|---|
Several 3-party-based authentication protocols have been proposed, which are resistant to off-line password guessing attacks. We show that they are not resistant to a new type of attack called "undetectable on-line password guessing attack". The authentication server is not able to notice this kind of attack from the clients' (attacker's) requests, because they don't include enough information about the clients (or attacker). Either freshness or authenticity of these requests is not guaranteed. Thus the authentication server responses and leaks verifiable information for an attacker to verify his guess. |
Year | DOI | Venue |
---|---|---|
1995 | 10.1145/219282.219298 | Operating Systems Review |
Keywords | Field | DocType |
undetectable on-line password,enough information,off-line password,new type,3-party-based authentication protocol,leaks verifiable information,authentication server,authentication server response,authentication protocol | Password cracking,Password strength,Challenge–response authentication,Computer science,Computer security,Key stretching,S/KEY,One-time password,Password,Cognitive password | Journal |
Volume | Issue | Citations |
29 | 4 | 132 |
PageRank | References | Authors |
6.78 | 6 | 2 |
Name | Order | Citations | PageRank |
---|---|---|---|
Yun Ding | 1 | 132 | 6.78 |
Patrick Horster | 2 | 371 | 51.55 |