Paper 2017/917

A practical, perfectly secure password scheme in the bounded retrieval model

Moses Liskov

Abstract

In this paper, we present a practical password scheme due to Spilman, which is perfectly secure in the bounded retrieval model, assuming ideal hash functions. The construction is based on a hash-like function com- puted by a third party “facilitator”. The facilitator is trusted, and security derives from the facilitator’s long random secret, although the adversary is assumed to be able to retrieve a large fraction of that secret. Unlike the traditional “salted and hashed password” approach, this scheme is secure against an adversary capable of performing brute force dictionary attacks offline. The key security property for the facilitator function is a form of uncloneability, that prevents the adversary from calculating function values offline.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Contact author(s)
mliskov @ mitre org
History
2017-09-24: received
Short URL
https://ia.cr/2017/917
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2017/917,
      author = {Moses Liskov},
      title = {A practical, perfectly secure password scheme in the bounded retrieval model},
      howpublished = {Cryptology {ePrint} Archive, Paper 2017/917},
      year = {2017},
      url = {https://eprint.iacr.org/2017/917}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.