A Study of Password Security
Our work is motivated by the question of whether or not the password scheme used in UNIX is secure. The following password scheme is a somewhat simplified version of the actual password scheme used in UNIX. We feel that this simplified version captures the essential features of the actual password scheme used in UNM. When a user logs in for the first time he creates a random password and types his user name together with the password into the system. The system creates an encryption of the password using the Data Encryp- tion Standard (DES) and stores this (only the encryption, not the password) together with the user name in a password file. Thereafter, whenever the user logs in and types in his user name and password the system computes the encryption of the password and only allows the user to successfully log in if the encryption matches the entry stored with the user name in the password file.
KeywordsUnauthorized User Probabilistic Polynomial Time Circuit Family Probabilistic Polynomial Time Algorithm Security Definition
- [De]Denning, D., Cryptography and Data Security, January 1983, Addison-Wesley Publishing Company, Inc.Google Scholar
- [GGM1]Goldreich, O., Goldwasser, S., Micali, S., How to Construct Random Functions, Proceedings of the 25th Annual Symposium on Foundations of Computer Science, October 24–26, 1984 Google Scholar
- [Le]Levin, L.A., One-Way Functions and Pseudorandom Generators, Proceedings of the 17th ACM Annual Symposium on Theory of Computing, May 6–8 1985, pp. 363–365.Google Scholar
- [LR1]Luby, M., Rackoff, C., Pseudo-random Permutation Generators and Cryptographic Composition, Proceedings of the 18th ACM Annual Symposium on Theory of Computing, May 28–30, 1984 Google Scholar
- [LR2]Luby, M., Rackoff, C., How to Construct Pseudo-random Permutations from Pseudo-random Bits, to appear in special issue on Cryptography, SIAM J. on ComputingGoogle Scholar