Strengthening public key authentication against key theft
source link: https://martin.kleppmann.com/2015/12/08/preventing-key-theft-at-passwords15.html
Martin Kleppmann and Conrad Irwin
9th International Conference on Passwords, Cambridge, UK, December 2015.
Abstract
Authentication protocols based on an asymmetric keypair provide strong authentication as long as the private key remains secret, but may fail catastrophically if the private key is lost or stolen. Even when encrypted with a password, stolen key material is susceptible to offline brute-force attacks. In this paper we demonstrate a method for rate-limiting password guesses on stolen key material, without requiring special hardware or changes to servers. By slowing down offline attacks and enabling easy key revocation, our algorithm reduces the risk of key compromise, even if a low-entropy password is used.