Strong Password-Based Authentication Using Pseudorandom Moduli
draft-perlman-strong-pass-00
Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
---|---|---|---|
Authors | Radia Perlman , Charlie W. Kaufman | ||
Last updated | 2000-07-07 | ||
RFC stream | (None) | ||
Intended RFC status | (None) | ||
Formats | |||
Stream | Stream state | (No stream defined) | |
Consensus boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | Expired | |
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document specifies a new password-based protocol that can be used as the basis of mutual authentication, or downloading of a private key. The only thing the client needs to know is the user's password. The protocol is constructed such that an eavesdropper cannot do off-line password-guessing attacks. Someone stealing the server's database cannot directly impersonate the user, although they can do an off-line password-guessing attack on the contents. The protocol presented in this paper is similar in functionality, higher in performance at the server, but lower in performance at the client, to the extended EKE and SPEKE, and SRP schemes. Additional properties of this scheme are salt, no password-equivalent stored at the server, and prevention of servers on which the user has the same password from impersonating each other to the user. This document gives an overview of the approach, but not wire-formats, which are premature at this stage. The purpose of this document is to advertise this new scheme to various groups that might be interested (CAT, for a GSS-API mechanism, LDAP, for download of a private key).
Authors
Radia Perlman
Charlie W. Kaufman
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)