Paper 2017/917

A practical, perfectly secure password scheme in the bounded retrieval model

Moses Liskov


In this paper, we present a practical password scheme due to Spilman, which is perfectly secure in the bounded retrieval model, assuming ideal hash functions. The construction is based on a hash-like function com- puted by a third party “facilitator”. The facilitator is trusted, and security derives from the facilitator’s long random secret, although the adversary is assumed to be able to retrieve a large fraction of that secret. Unlike the traditional “salted and hashed password” approach, this scheme is secure against an adversary capable of performing brute force dictionary attacks offline. The key security property for the facilitator function is a form of uncloneability, that prevents the adversary from calculating function values offline.

Available format(s)
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Contact author(s)
mliskov @ mitre org
2017-09-24: received
Short URL
Creative Commons Attribution


      author = {Moses Liskov},
      title = {A practical, perfectly secure password scheme in the bounded retrieval model},
      howpublished = {Cryptology ePrint Archive, Paper 2017/917},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.