Password-based cryptography

From Wikipedia, the free encyclopedia
Revision as of 19:42, 15 October 2024 by imported>Citation bot (Altered pages. Add: authors 1-1. Removed parameters. Formatted dashes. Some additions/deletions were parameter name changes. | Use this bot. Report bugs. | Suggested by Headbomb | Linked from Wikipedia:WikiProject_Academic_Journals/Journals_cited_by_Wikipedia/Sandbox | #UCB_webform_linked 46/242)
(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Password-based cryptography is the study of password-based key encryption, decryption, and authorization. It generally refers two distinct classes of methods:

  • Single-party methods
  • Multi-party methods

Single party methods

Some systems attempt to derive a cryptographic key directly from a password. However, such practice is generally ill-advised when there is a threat of brute-force attack. Techniques to mitigate such attack include passphrases and iterated (deliberately slow) password-based key derivation functions such as PBKDF2 (RFC 2898).

Multi-party methods

Password-authenticated key agreement systems allow two or more parties that agree on a password (or password-related data) to derive shared keys without exposing the password or keys to network attack.[1] Earlier generations of challenge–response authentication systems have also been used with passwords, but these have generally been subject to eavesdropping and/or brute-force attacks on the password.

See also

References

  1. Script error: No such module "Citation/CS1".

Further reading


Template:Asbox

Retrieved from "http://debianws.lexgopc.com/wiki143/index.php?title=Password-based_cryptography&oldid=1548311"