[Cryptography] secure authentication ... as opposed to passwords

Kristian Gjøsteen kristian.gjosteen at ntnu.no
Tue May 8 02:43:45 EDT 2018


On 7 May 2018 at 21:39, John Denker via cryptography <cryptography at metzdowd.com> wrote:
> On 05/07/2018 06:11 AM, Bill Frantz wrote:
>> 
>> Are there any schemes that we should consider?
> 
> Executive summary:  Zero knowledge proofs!
> 
> Don't frame it as a password problem;  frame it as
> an authentication problem, then solve it properly.

While zero knowledge proofs are great, they are often not what you are looking for.

Quite often, what you actually want is authenticated key exchange. If you want to use a password to authenticate the key exchange, you need password-based authenticated key exchange (PAKE). There is an extensive literature on the topic. There are standards and software that allow you to use PAKE with TLS.

For various reasons, we don’t use it.

-- 
Kristian Gjøsteen


