Analysing Password Protocol Security Against Off-line Dictionary Attacks

Ricardo Corin, Jeroen Doumen, Sandro Etalle

    Research output: Book/ReportReportProfessional

    82 Downloads (Pure)


    We study the security of password protocols against off-line dictionary attacks. In addition to the standard adversary abilities, we also consider further cryptographic advantages given to the adversary when considering the password protocol being instantiated with particular encryption schemes. We work with the applied pi calculus of Abadi and Fournet, in which the (new) adversary abilities are modelled as equations between terms. As case studies, we analyse the Encrypted Password Transmission (EPT) protocol of Halevi and Krawczyk, and the wellknown Encrypted Key Exchange (EKE) of Bellovin and Merritt. Finally, we propose a modification to EKE that prevents a particular attack that arises when ciphertexts are distinguishable from random noise.
    Original languageEnglish
    Place of PublicationEnschede
    PublisherCentre for Telematics and Information Technology (CTIT)
    Number of pages19
    Publication statusPublished - Dec 2003

    Publication series

    NameCTIT Technical Reports
    PublisherUniversity of Twente, CTIT


    • SCS-Cybersecurity


    Dive into the research topics of 'Analysing Password Protocol Security Against Off-line Dictionary Attacks'. Together they form a unique fingerprint.

    Cite this