Types
Password-authenticated key agreement generally encompasses methods such as:
- Balanced password-authenticated key exchange
- Augmented password-authenticated key exchange
- Password-authenticated key retrieval
- Multi-server methods
- Multi-party methods
In the most stringent password-only security models, there is no requirement for the user of the method to remember any secret or public data other than the password.
Password authenticated key exchange (PAKE) is where two or more parties, based only on their knowledge of a password, establish a cryptographic key using an exchange of messages, such that an unauthorized party (one who controls the communication channel but does not possess the password) cannot participate in the method and is constrained as much as possible from brute force guessing the password. (The optimal case yields exactly one guess per run exchange.) Two forms of PAKE are Balanced and Augmented methods.
Balanced PAKE allows parties that use the same password to negotiate and authenticate a shared key. Examples of these are:
- Encrypted Key Exchange (EKE)
- PAK and PPK
- SPEKE (Simple password exponential key exchange)
- J-PAKE (Password Authenticated Key Exchange by Juggling) -- A variant that is probably not encumbered by patents.
Augmented PAKE is a variation applicable to client/server scenarios, in which the server does not store password-equivalent data. This means that an attacker that stole the server data still cannot masquerade as the client unless they first perform a brute force search for the password. Examples include:
- AMP
- Augmented-EKE
- B-SPEKE
- PAK-Z
- SRP -- probably not encumbered by patents.
- AugPAKE (RFC 6628)
Password-authenticated key retrieval is a process in which a client obtains a static key in a password-based negotiation with a server that knows data associated with the password, such as the Ford and Kaliski methods. In the most stringent setting, one party uses only a password in conjunction with two or more (N) servers to retrieve a static key, in a way that protects the password (and key) even if any N-1 of the servers are completely compromised.
Read more about this topic: Password-authenticated Key Agreement
Famous quotes containing the word types:
“The wider the range of possibilities we offer children, the more intense will be their motivations and the richer their experiences. We must widen the range of topics and goals, the types of situations we offer and their degree of structure, the kinds and combinations of resources and materials, and the possible interactions with things, peers, and adults.”
—Loris Malaguzzi (1920–1994)
“The American man is a very simple and cheap mechanism. The American woman I find a complicated and expensive one. Contrasts of feminine types are possible. I am not absolutely sure that there is more than one American man.”
—Henry Brooks Adams (1838–1918)
“Science is intimately integrated with the whole social structure and cultural tradition. They mutually support one other—only in certain types of society can science flourish, and conversely without a continuous and healthy development and application of science such a society cannot function properly.”
—Talcott Parsons (1902–1979)