Antonio Nicolosi
Stevens Institute

Encrypted key exchange: password-based protocols secure against dictionary attacks

Classical cryptographic protocols based on user-chosen keys allow an
attacker to mount password-guessing attacks. We introduce a novel
combination of asymmetric (public-key) and symmetric (secret-key)
cryptography that allows two parties sharing a common password to
exchange confidential and authenticated information over an insecure
network. These protocols are secure against active attacks, and have the
property that the password is protected against off-line "dictionary"
attacks. There are a number of other useful applications as well,
including secure public telephones.

S. M. Bellovin and M. Merritt