Jump to content

Password-based cryptography

From Wikipedia, the free encyclopedia

Password-based cryptography is the study of password-based key encryption, decryption, and authorization. It generally refers two distinct classes of methods:

  • Single-party methods
  • Multi-party methods

Single party methods

[edit]

Some systems attempt to derive a cryptographic key directly from a password. However, such practice is generally ill-advised when there is a threat of brute-force attack. Techniques to mitigate such attack include passphrases and iterated (deliberately slow) password-based key derivation functions such as PBKDF2 (RFC 2898).

Multi-party methods

[edit]

Password-authenticated key agreement systems allow two or more parties that agree on a password (or password-related data) to derive shared keys without exposing the password or keys to network attack.[1] Earlier generations of challenge–response authentication systems have also been used with passwords, but these have generally been subject to eavesdropping and/or brute-force attacks on the password.

See also

[edit]

References

[edit]
  1. ^ Halevi, Shai; Krawczyk, Hugo (August 1999). "Public-key cryptography and password protocols". ACM Trans. Inf. Syst. Secur. 2 (3). Association for Computing Machinery: 230–268. doi:10.1145/322510.322514. ISSN 1094-9224 – via ACM Digital Library.

Further reading

[edit]