Password-based cryptography is the study of password-based key encryption, decryption, and authorization. It generally refers two distinct classes of methods:
- Single-party methods
- Multi-party methods
Single party methods
Some systems attempt to derive a cryptographic key directly from a password. However, such practice is generally ill-advised when there is a threat of brute-force attack. Techniques to mitigate such attack include passphrases and iterated (deliberately slow) password-based key derivation functions such as PBKDF2 (RFC 2898).
Multi-party methods
Password-authenticated key agreement systems allow two or more parties that agree on a password (or password-related data) to derive shared keys without exposing the password or keys to network attack.1 Earlier generations of challenge–response authentication systems have also been used with passwords, but these have generally been subject to eavesdropping and/or brute-force attacks on the password.
See also
Further reading
- https://link.springer.com/chapter/10.1007/978-3-642-32009-5_19
- https://link.springer.com/chapter/10.1007/978-3-662-46447-2_14
References
Halevi, Shai; Krawczyk, Hugo (August 1999). "Public-key cryptography and password protocols". ACM Trans. Inf. Syst. Secur. 2 (3). Association for Computing Machinery: 230–268. doi:10.1145/322510.322514. ISSN 1094-9224 – via ACM Digital Library. https://dl.acm.org/doi/abs/10.1145/322510.322514 ↩