English
Related papers

Related papers: Client-Server Password Recovery (Extended Abstract…

200 papers

Asymmetric password based key exchange is a key exchange protocol where a client and a server share a low entropic password while the server additionally owns a high entropic secret for a public key. There are simple solutions for this…

Cryptography and Security · Computer Science 2010-09-28 Shaoquan Jiang

Many damaging cybersecurity attacks are enabled when an attacker can access residual sensitive information (e.g. cryptographic keys, personal identifiers) left behind from earlier computation. Attackers can sometimes use residual…

Cryptography and Security · Computer Science 2021-06-21 Deborah Shands , Carolyn Talcott

Among the various means of available resource protection including biometrics, password based system is most simple, user friendly, cost effective and commonly used. But this method having high sensitivity with attacks. Most of the advanced…

Cryptography and Security · Computer Science 2009-10-13 Manoj Kumar Singh

Kintsugi is a protocol for key recovery, allowing a user to regain access to end-to-end encrypted data after they have lost their device, but still have their (potentially low-entropy) password. Existing E2EE key recovery methods, such as…

Cryptography and Security · Computer Science 2025-07-30 Emilie Ma , Martin Kleppmann

Building a password cracking server that preserves the privacy of the queries made to the server is a problem that has not yet been solved. Such a server could acquire practical relevance in the future: for instance, the tables used to…

Cryptography and Security · Computer Science 2013-08-01 Aureliano Calvo , Ariel Futoransky , Carlos Sarraute

Vulnerabilities related to weak passwords are a pressing global economic and security issue. We report a novel, simple, and effective approach to address the weak password problem. Building upon chaotic dynamics, criticality at phase…

Cryptography and Security · Computer Science 2015-05-27 T. V. Laptyeva , S. Flach , K. Kladko

Using the computational resources of an untrusted third party to crack a password hash can pose a high number of privacy and security risks. The act of revealing the hash digest could in itself negatively impact both the data subject who…

Cryptography and Security · Computer Science 2023-06-16 Norbert Tihanyi , Tamas Bisztray , Bertalan Borsos , Sebastien Raveau

Current authentication methods on the Web have serious weaknesses. First, services heavily rely on the traditional password paradigm, which diminishes the end-users' security and usability. Second, the lack of attribute-based authentication…

Password leaks have been frequently reported in recent years, with big companies like Sony, Amazon, LinkedIn, and Walmart falling victim to breaches involving the release of customer information. Even though passwords are usually stored in…

Cryptography and Security · Computer Science 2017-08-31 Michael Farcasin , Akhileshwar Guli , Eric Chan-Tin

Password users frequently employ passwords that are too simple, or they just reuse passwords for multiple websites. A common complaint is that utilizing secure passwords is too difficult. One possible solution to this problem is to use a…

Cryptography and Security · Computer Science 2019-06-04 Elan Rosenfeld , Santosh Vempala , Manuel Blum

This work explores injection attacks against password managers. In this setting, the adversary (only) controls their own application client, which they use to "inject" chosen payloads to a victim's client via, for example, sharing…

Cryptography and Security · Computer Science 2024-08-14 Andrés Fábrega , Armin Namavari , Rachit Agarwal , Ben Nassi , Thomas Ristenpart

Although it is common for users to select bad passwords that can be easily cracked by attackers, password-based authentication remains the most widely-used method. To encourage users to select good passwords, enterprises often enforce…

Cryptography and Security · Computer Science 2015-12-21 Cem S. Sahin , Robert Lychev , Neal Wagner

Strong passwords are fundamental to the security of password-based user authentication systems. In recent years, much effort has been made to evaluate password strength or to generate strong passwords. Unfortunately, the usability or…

Cryptography and Security · Computer Science 2020-06-25 Yao Cheng , Chang Xu , Zhen Hai , Yingjiu Li

Passwords are the primary authentication method online, but even with password policies and meters, users still find it hard to create strong and memorable passwords. In this paper, we propose DPAR: a Data-driven PAssword Recommendation…

Cryptography and Security · Computer Science 2024-06-06 Assaf Morag , Liron David , Eran Toch , Avishai Wool

Reusing passwords across multiple websites is a common practice that compromises security. Recently, Blum and Vempala have proposed password strategies to help people calculate, in their heads, passwords for different sites without…

Human-Computer Interaction · Computer Science 2018-05-28 Samira Samadi , Santosh Vempala , Adam Tauman Kalai

We introduce quantitative usability and security models to guide the design of password management schemes --- systematic strategies to help users create and remember multiple passwords. In the same way that security proofs in cryptography…

Cryptography and Security · Computer Science 2013-09-11 Jeremiah Blocki , Manuel Blum , Anupam Datta

Tools that synchronize passwords over several user devices typically store the encrypted passwords in a central online database. For encryption, a low-entropy, password-based key is used. Such a database may be subject to unauthorized…

Cryptography and Security · Computer Science 2015-06-16 Moritz Horsch , Andreas Hülsing , Johannes Buchmann

Private information retrieval (PIR) protocols allow a user to retrieve entries of a database without revealing the index of the desired item. Information-theoretical privacy can be achieved by the use of several servers and specific…

Information Theory · Computer Science 2018-09-05 Julien Lavauzelle

In a Private Information Retrieval (PIR) protocol, a user can download a file from a database without revealing the identity of the file to each individual server. A PIR protocol is called $t$-private if the identity of the file remains…

Information Theory · Computer Science 2019-03-06 Netanel Raviv , Itzhak Tamo , Eitan Yaakobi

This paper describes the problem of securing data by making it disappear after some time limit, making it impossible for it to be recovered by an unauthorized party. This method is in response to the need to keep the data secured and to…

Cryptography and Security · Computer Science 2011-12-13 Prashant Pilla