Strengthening password-based authentication protocols against online dictionary attacks

Peng Wang, Yongdae Kim, Vishal Kher, Taekyoung Kwon

Research output: Contribution to journal › Conference article › peer-review

4 Scopus citations


Passwords are one of the most common causes of system break-ins, because the low entropy of passwords makes systems vulnerable to brute force guessing attacks (dictionary attacks). Existing Strong Password-based Authentication and Key Agreement (SPAKA) protocols protect passwords from passive (eavesdropping-offline dictionary) attacks, but not from active online dictionary attacks. This paper presents a simple scheme that strengthens password-based authentication protocols and helps prevent online dictionary attacks as well as many-to-many attacks common to 3-pass SPAKA protocols. The proposed scheme significantly increases the computational burden of an attacker trying to launch online dictionary attacks, while imposing negligible load on the legitimate clients as well as on the authentication server.

Original language: English
Pages (from-to): 17-32
Number of pages: 16
Journal: Lecture Notes in Computer Science
State: Published - 2005
Externally published: Yes
Event: Third International Conference on Applied Cryptography and Network Security, ACNS 2005 - New York, NY, United States
Duration: 7 Jun 2005 to 10 Jun 2005

