Password-based cryptography
Password-based cryptography is the study of password-based key encryption, decryption, and authorization. It generally refers two distinct classes of methods:
- Single-party methods
- Multi-party methods
Single party methods
[edit | edit source]Some systems attempt to derive a cryptographic key directly from a password. However, such practice is generally ill-advised when there is a threat of brute-force attack. Techniques to mitigate such attack include passphrases and iterated (deliberately slow) password-based key derivation functions such as PBKDF2 (RFC 2898).
Multi-party methods
[edit | edit source]Password-authenticated key agreement systems allow two or more parties that agree on a password (or password-related data) to derive shared keys without exposing the password or keys to network attack.[1] Earlier generations of challenge–response authentication systems have also been used with passwords, but these have generally been subject to eavesdropping and/or brute-force attacks on the password.
See also
[edit | edit source]References
[edit | edit source]- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
Further reading
[edit | edit source]- https://link.springer.com/chapter/10.1007/978-3-642-32009-5_19
- https://link.springer.com/chapter/10.1007/978-3-662-46447-2_14
 | This cryptography-related article is a stub. You can help Wikipedia by expanding it. |