Abstract
Our work is motivated by the question of whether or not the password scheme used in UNIX is secure. The following password scheme is a somewhat simplified version of the actual password scheme used in UNIX. We feel that this simplified version captures the essential features of the actual password scheme used in UNM. When a user logs in for the first time he creates a random password and types his user name together with the password into the system. The system creates an encryption of the password using the Data Encryp- tion Standard (DES) and stores this (only the encryption, not the password) together with the user name in a password file. Thereafter, whenever the user logs in and types in his user name and password the system computes the encryption of the password and only allows the user to successfully log in if the encryption matches the entry stored with the user name in the password file.
research partially supported by the Canadian Natural Sciences and Engineering Research Council operating grant A8092 and by a University of Toronto research grant
research partially supported by the Canadian Natural Sciences and Engineering Research Council operating grant A3611
Chapter PDF
Similar content being viewed by others
Keywords
- Unauthorized User
- Probabilistic Polynomial Time
- Circuit Family
- Probabilistic Polynomial Time Algorithm
- Security Definition
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Denning, D., Cryptography and Data Security, January 1983, Addison-Wesley Publishing Company, Inc.
Goldreich, O., Goldwasser, S., Micali, S., How to Construct Random Functions, Proceedings of the 25th Annual Symposium on Foundations of Computer Science, October 24–26, 1984
Goldreich, O., Goldwasser, S., Micali, S., How to Construct Random Functions, J. for Association of Computing Machinery, Vol. 33, No. 4, October 1986, pp. 792–807 of Computer Science, October 24–26, 1984
Levin, L.A., One-Way Functions and Pseudorandom Generators, Proceedings of the 17th ACM Annual Symposium on Theory of Computing, May 6–8 1985, pp. 363–365.
Luby, M., Rackoff, C., Pseudo-random Permutation Generators and Cryptographic Composition, Proceedings of the 18th ACM Annual Symposium on Theory of Computing, May 28–30, 1984
Luby, M., Rackoff, C., How to Construct Pseudo-random Permutations from Pseudo-random Bits, to appear in special issue on Cryptography, SIAM J. on Computing
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1988 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Luby, M., Rackoff, C. (1988). A Study of Password Security. In: Pomerance, C. (eds) Advances in Cryptology — CRYPTO ’87. CRYPTO 1987. Lecture Notes in Computer Science, vol 293. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48184-2_34
Download citation
DOI: https://doi.org/10.1007/3-540-48184-2_34
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-18796-7
Online ISBN: 978-3-540-48184-3
eBook Packages: Springer Book Archive