- T. Lomas, University of Cambridge Computer Laboratory, New Museums Site, Pembroke Street, Cambridge CB2 3QG, England
- L. Gong, University of Cambridge Computer Laboratory, New Museums Site, Pembroke Street, Cambridge CB2 3QG, England
- J. Saltzer, University of Cambridge Computer Laboratory, New Museums Site, Pembroke Street, Cambridge CB2 3QG, England
- R. Needham, University of Cambridge Computer Laboratory, New Museums Site, Pembroke Street, Cambridge CB2 3QG, England
Abstract
It is well-known that, left to themselves, people will choose passwords that can be rather readily guessed. If this is done, they are usually vulnerable to an attack based on copying the content of messages forming part of an authentication protocol and experimenting, e.g. with a dictionary, offline. The most usual counter to this threat is to require people to use passwords which are obscure, or even to insist on the system choosing their passwords for them. In this paper we show alternatively how to construct an authentication protocol in which offline experimentation is impracticable; any attack based on experiment must involve the real authentication server and is thus open to detection by the server noticing multiple attempts.
Published in
- ACM SIGOPS Operating Systems Review 23 (5), 14-18, 1989-11
- Association for Computing Machinery (ACM)
Details
- CRID: 1361981471146414080
- NII Article ID: 30013224111
- ISSN: 01635980
- Data source type: Crossref, CiNii Articles