CryptoDB
On the security of some password-based key agreement schemes
Authors: | |
---|---|
Download: | |
Abstract: | In this paper we show that two potential security vulnerabilities exist in the strong password-only authenticated key exchange scheme due to Jablon. Two standardised schemes based on Jablon's scheme, namely the first password-based key agreement mechanism in ISO/IEC FCD 11770-4 and the scheme BPKAS-SPEKE in IEEE P1363.2 also suffer from one or both of these security vulnerabilities. We further show that other password-based key agreement mechanisms, including those in ISO/IEC FCD 11770-4 and IEEE P1363.2, also suffer from these two security vulnerabilities. Finally, we propose means to remove these security vulnerabilities. |
BibTeX
@misc{eprint-2005-12492, title={On the security of some password-based key agreement schemes}, booktitle={IACR Eprint archive}, keywords={cryptographic protocols /}, url={http://eprint.iacr.org/2005/156}, note={ qiang.tang@rhul.ac.uk 12929 received 26 May 2005}, author={Qiang Tang and Chris J. Mitchell}, year=2005 }