Burt Kaliski scite author profile

This memo represents a republication of PKCS #5 v2.0 from RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, and change control is retained within the PKCS process. The body of this document, except for the security considerations section, is taken directly from that specification.This document provides recommendations for the implementation of password-based cryptography, covering key derivation functions, encryption schemes, message-authentication schemes, and ASN.1 syntax identifying the techniques.

show abstract

Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1

Jönsson¹,

Kaliski²

2003

225

165

View full text Add to dashboard Cite

show abstract

Linear Cryptanalysis Using Multiple Approximations

Kaliski¹,

Robshaw²

1994

133

117

View full text Add to dashboard Cite

We present a technique which aids in the linear cryptanalysis of a block cipher and allows for a reduction in the amount of d a t a required for a successful attack. We note the limits of this extension when applied to DES, but illustrate that it, is generally applicable and might be exceptionally successful when applied to other block ciphers. This forces us to reconsider some of the initial attempts to quantify the resistance of block ciphers to linear cryptanalysis, and by taking account of this new technique we cover several issues which have riot yet been considered.

show abstract

Pors

Juels¹,

Kaliski²

2007

1,274

101

View full text Add to dashboard Cite

Server-assisted generation of a strong secret from a password

Ford¹,

Kaliski

103

View full text Add to dashboard Cite

A roaming user, who accesses a network from different client terminals, can be supported by a credentials server that authenticates the user by password then assists in launching a secure environment for the user. However, traditional credentials server designs are vulnerable to exhaustive password guessing attack at the server. We describe a new credentials server model and supporting protocol that overcomes that deficiency. The protocol provides for securely generating a strong secret from a weak secret (password), based on communications exchanges with two or more independent servers. The result can be leveraged in various ways, for example, the strong secret can be used to decrypt an encrypted private key or it can be used in strongly authenticating to an application server. The protocol has the properties that a would-be attacker cannot feasibly compute the strong secret and has only a limited opportunity to guess the password, even i f he or she has access to all messages and has control over some, but not all, of the servers.

show abstract

An unknown key-share attack on the MQV key agreement protocol

Kaliski

2001

ACM Trans. Inf. Syst. Secur.

111

View full text Add to dashboard Cite

The MQV key agreement protocol, a technique included in recent standards, is shown in its basic form to be vulnerable to an unknown key-share attack. Although the attack's practical impact on security is minimal---a key confirmation step easily prevents it---the attack is noteworthy in the principles it illustrates about protocol design. First, minor “efficiency improvements” can significantly alter the security properties of a protocol. Second, protocol analysis must consider potential interactions with all parties, not just those that are normally online. Finally, attacks must be assessed in terms of system requirements, not just in isolation.

show abstract

A Cryptographic Library for the Motorola DSP56000

Dussé¹,

Kaliski²

1991

105

View full text Add to dashboard Cite

On Differential and Linear Cryptanalysis of the RC5 Encryption Algorithm

Kaliski¹,

Yin²

1995

View full text Add to dashboard Cite

This paper analyzes the security of the RC5 encryption algorithm against differential and linear cryptanalysis. RC5 is a new block cipher recently designed by Ron Rivest. It has a variable word size, a variable number of rounds, and a variable-length secret key. In RC5, the secret key is used to fill an expanded key table which is then used in encryption. Both our differential and linear attacks on RC5 recover every bit of the expanded key table without any exhaustive search. However, the plaintext requirement is strongly dependent on the number of rounds. For 64-bit block size, our differential attack on nine-round RC5 uses 2*5 chosen plaintext pairs (about the same as DES), while 2" pairs are needed for 12-round RC5. Similarly, our linear attack on five-round RC5 uses 2*' known plaintexts (about the same as DES), and the plaintext requirement is impractical for more than six rounds. We conjecture that the linear approximations used in our linear cryptanalysis are optimal. Thus, we conclude that Rivest's suggested use of 12 rounds is sufficient to make differential and linear cryptanalysis of RC5 impractical.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Burt Kaliski

PKCS #5: Password-Based Cryptography Specification Version 2.0

Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1

Linear Cryptanalysis Using Multiple Approximations

Pors

Server-assisted generation of a strong secret from a password

An unknown key-share attack on the MQV key agreement protocol

A Cryptographic Library for the Motorola DSP56000

On Differential and Linear Cryptanalysis of the RC5 Encryption Algorithm

Contact Info

Product

Resources

About