This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
Password-authenticated Key Exchange
Password-authenticated Key Exchange

Version management

Difference between version and

At line 1 added 28 lines
!!! Overview
[{$pagename}] ([PAKE]) is a special form of cryptographic [Key-Exchange] [protocol] was defined in [Year 1992]
[{$pagename}] protocols distinguishing feature is the [client] will [authenticate] to the server using a [password].
[{$pagename}] provides that an [eavesdropper] or [Man-In-The-Middle] cannot obtain enough [data] to be able to [Brute-Force] or guess a [password] (or [key]) without further interactions with the parties for each (few) guesses. This property allow strong security can be obtained using weak passwords.
[{$pagename}] is where two or more parties, based only on their knowledge of a [password], establish a [Cryptographic Key] using an exchange of [messages], such that an [unauthorized] party (one who controls the communication channel but does not possess the [password]) cannot participate in the method and is constrained as much as possible from brute force guessing the password. (The optimal case yields exactly one guess per run exchange.)
[{$pagename}] has two basic classifications
Balanced [{$pagename}] allows parties that use the same [password] to negotiate and [authenticate] a [Shared Secret]. This means that both parties have either [password] or, in some cases, [Private Key] for corresponding [Public Key]. In some scenarios [PKI] can be represented by [Ephemeral Keys] in order to simplify [Key-Exchange] and take less user interaction for [Public Key] management.
Augmented [{$pagename}] is a variation applicable to [Client-server] scenarios, in which the [server] does not store [password] equivalent [data]. This means that an [attacker] that stole the [server] [data] still cannot [masquerade] as the client unless they first perform a [Brute-Force] search for the [password]. Either there is one more vector for application of AugPAKE. When it comes to [Constrained Nodes] [Private Key] absence could be huge deal and some of the most popular and secure Balanced PAKE methods simply could not be applied.
!! Category
%%category [Information security]%%
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Password-authenticated Key Exchange|Wikipedia:Password-authenticated_key_agreement/|target='_blank'] - based on information obtained 2016-06-05
* [#2] - [Encrypted Key Exchange Password-Based Protocols Secure Against Dictionary Attacks|https://www.cs.columbia.edu/~smb/papers/neke.pdf|target='_blank'] - based on information obtained 2018-10-21
* [#3] - [Password-authenticated key agreement|http://cryptowiki.net/index.php?title=Password-authenticated_key_agreement|target='_blank'] - based on information obtained 2020-02-20
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop