You are looking at a specific version 20001107:174416 of this paper. See the latest version.

Paper 2000/057

Session-Key Generation using Human Passwords Only

Oded Goldreich and Yehuda Lindell

Abstract

We present session-key generation protocols in a model where the legitimate parties share {\em only} a human-memorizable password. The security guarantee holds with respect to probabilistic polynomial-time adversaries that control the communication channel (between the parties), and may omit, insert and modify messages at their choice. Loosely speaking, the effect of such an adversary that attacks an execution of our protocol is comparable to an attack in which an adversary is only allowed to make a constant number of queries of the form ``is $w$ the password of Party A''. We stress that the result holds also in case the passwords are selected at random from a small dictionary so that it is feasible (for the adversary) to scan the entire directory.

Metadata
Available format(s)
PDF PS
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Contact author(s)
lindell @ wisdom weizmann ac il
History
2005-01-25: last of 7 revisions
2000-11-07: received
See all versions
Short URL
https://ia.cr/2000/057
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.