Cross-domain password-based authenticated key exchange revisited

Chen, Liqun; Lim, Hoon Wei; Yang, Guomin

doi:10.1109/infcom.2013.6566895

Cited by 6 publications

(1 citation statement)

References 42 publications

(49 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The system stores the user's identity and password for every account. Then, the user logins this data to authenticate himself and access the service [31][32][33].…”

Section: Passwordsmentioning

confidence: 99%

Password-Hashing Status

Hatzivasilis

2017

Cryptography

View full text Add to dashboard Cite

Computers are used in our everyday activities, with high volumes of users accessing provided services. One-factor authentication consisting of a username and a password is the common choice to authenticate users in the web. However, the poor password management practices are exploited by attackers that disclose the users' credentials, harming both users and vendors. In most of these occasions the user data were stored in clear or were just processed by a cryptographic hash function. Password-hashing techniques are applied to fortify this user-related information. The standardized primitive is currently the PBKDF2 while other widely-used schemes include Bcrypt and Scrypt. The evolution of parallel computing enables several attacks in password-hash cracking. The international cryptographic community conducted the Password Hashing Competition (PHC) to identify new efficient and more secure password-hashing schemes, suitable for widespread adoption. PHC advanced our knowledge of password-hashing. Further analysis efforts revealed security weaknesses and novel schemes were designed afterwards. This paper provides a review of password-hashing schemes until the first quarter of 2017 and a relevant performance evaluation analysis on a common setting in terms of code size, memory consumption, and execution time.

show abstract

“…The system stores the user's identity and password for every account. Then, the user logins this data to authenticate himself and access the service [31][32][33].…”

Section: Passwordsmentioning

confidence: 99%