Password-Based Protocols

  • Colin Boyd
  • Anish Mathuria
Part of the Information Security and Cryptography book series (ISC)


Cryptographic authentication relies on possession of a key by the party to be authenticated. Such a key is usually chosen randomly within its domain and can be of lengths from around 100 bits up to many thousands of bits, depending on the algorithm used and security level desired. Experience has shown [109, 333] that humans find it difficult to remember secrets in the form of passwords of even seven or eight characters. But if all upper and lower case letters are used together with the digits 0 to 9 then a random eight-character password represents less than 48 bits of randomness. Therefore we can conclude that even short random keys for cryptographic algorithms cannot be reliably remembered by humans. Another way to express this is that it can be assumed that a computer is able to search through all possible passwords in a short time.



Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Colin Boyd (1)
  • Anish Mathuria (2)

  1. School of Software Engineering and Data Communications, Queensland University of Technology, Brisbane, Australia
  2. Dhirubhai Ambani Institute of Information & Communication Technology, Gandhinagar, Gujarat, India
