Reference : An Offline Dictionary Attack Against zkPAKE Protocol |
Scientific congresses, symposiums and conference proceedings : Poster | |||
Engineering, computing & technology : Computer science | |||
Computational Sciences | |||
http://hdl.handle.net/10993/37403 | |||
An Offline Dictionary Attack Against zkPAKE Protocol | |
English | |
[en] An Offline Dictionary Attack Against zkPAKE Protocol | |
Lopez Becerra, José Miguel ![]() | |
Ryan, Peter ![]() | |
Sala, Petra ![]() | |
Skrobot, Marjan ![]() | |
Jun-2018 | |
Yes | |
International | |
WiSec2018 | |
From 18-06-20018 to 20-06-2018 | |
KTH Royal Institute of Technology Stockholm | |
Stockholm | |
Sweden | |
[en] Password Authenticated Key Exchange ; zkPAKE ; Offlne Dictionary Attack | |
[en] Password Authenticated Key Exchange (PAKE) allows a
user to establish a strong cryptographic key with a server, using only knowledge of a pre-shared password. One of the basic security requirements of PAKE is to prevent o ine dictionary attacks. In this paper, we revisit zkPAKE, an augmented PAKE that has been recently proposed by Mochetti, Resende, and Aranha (SBSeg 2015). Our work shows that the zkPAKE protocol is prone to o ine password guessing attack, even in the presence of an adversary that has only eavesdropping capabilities. Therefore, zkPAKE is insecure and should not be used as a password-authenticated key exchange mechanism | |
University of Luxembourg: High Performance Computing - ULHPC | |
Researchers | |
http://hdl.handle.net/10993/37403 | |
10.1145/1235 |
File(s) associated to this reference | ||||||||||||||
Fulltext file(s):
| ||||||||||||||
All documents in ORBilu are protected by a user license.