Advertisement

A Study of Password Security

  • Michael Luby
  • Charles Rackoff
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 293)

Abstract

Our work is motivated by the question of whether or not the password scheme used in UNIX is secure. The following password scheme is a somewhat simplified version of the actual password scheme used in UNIX. We feel that this simplified version captures the essential features of the actual password scheme used in UNM. When a user logs in for the first time he creates a random password and types his user name together with the password into the system. The system creates an encryption of the password using the Data Encryp- tion Standard (DES) and stores this (only the encryption, not the password) together with the user name in a password file. Thereafter, whenever the user logs in and types in his user name and password the system computes the encryption of the password and only allows the user to successfully log in if the encryption matches the entry stored with the user name in the password file.

Keywords

Unauthorized User Probabilistic Polynomial Time Circuit Family Probabilistic Polynomial Time Algorithm Security Definition 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. [De]
    Denning, D., Cryptography and Data Security, January 1983, Addison-Wesley Publishing Company, Inc.Google Scholar
  2. [GGM1]
    Goldreich, O., Goldwasser, S., Micali, S., How to Construct Random Functions, Proceedings of the 25th Annual Symposium on Foundations of Computer Science, October 24–26, 1984 Google Scholar
  3. [GGM2]
    Goldreich, O., Goldwasser, S., Micali, S., How to Construct Random Functions, J. for Association of Computing Machinery, Vol. 33, No. 4, October 1986, pp. 792–807 of Computer Science, October 24–26, 1984MathSciNetCrossRefGoogle Scholar
  4. [Le]
    Levin, L.A., One-Way Functions and Pseudorandom Generators, Proceedings of the 17th ACM Annual Symposium on Theory of Computing, May 6–8 1985, pp. 363–365.Google Scholar
  5. [LR1]
    Luby, M., Rackoff, C., Pseudo-random Permutation Generators and Cryptographic Composition, Proceedings of the 18th ACM Annual Symposium on Theory of Computing, May 28–30, 1984 Google Scholar
  6. [LR2]
    Luby, M., Rackoff, C., How to Construct Pseudo-random Permutations from Pseudo-random Bits, to appear in special issue on Cryptography, SIAM J. on ComputingGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1988

Authors and Affiliations

  • Michael Luby
    • 1
  • Charles Rackoff
    • 1
  1. 1.University of TorontoToronto

Personalised recommendations