Name
Abstract | ||
|---|---|---|
ABSTRACTThe most commonly adopted password management technique is to store web account passwords on a password manager and lock them using a master password. However, current online password managers do not hide the account passwords or the master password from the password manager itself, which highlights their real-world vulnerability and lack of user confidence in the face of malicious insiders and outsiders that compromise the password management service especially given its online nature. We attempt to address this crucial vulnerability in the design of online password managers by proposing HIPPO, a cloud-based password manager that does not learn or store master passwords and account passwords. HIPPO is based on the cryptographic notion of device-enhanced password authenticated key exchange proven by Jarecki et al. to resist online guessing attacks and dictionary attacks. We introduce the HIPPO protocol design and report on a full implementation of the system. |
Year | DOI | Venue |
|---|---|---|
2021 | 10.1145/3412841.3442131 | Symposium on Applied Computing |
DocType | Citations | PageRank |
Conference | 0 | 0.34 |
References | Authors | |
0 | 6 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Maliheh Shirvanian | 1 | 77 | 7.94 |
| Christopher Robert Price | 2 | 0 | 0.34 |
| Mohammed Jubur | 3 | 1 | 1.73 |
| Nitesh Saxena | 4 | 1204 | 82.45 |
| Stanislaw Jarecki | 5 | 133 | 6.96 |
| Hugo Krawczyk | 6 | 6214 | 540.73 |