Check out the new USENIX Web site. next up previous
Next: About this document ... Up: A Future-Adaptable Password Scheme Previous: Acknowledgments

References

1
Martín Abadi, T. Mark A. Lomas, and Roger Needham.
Strengthening passwords.
Technical note 1997-033, DEC Systems Research Center, September 1997.

2
Steven M. Bellovin and Michael Merritt.
Encrypted key exchange: Password-based protocols secure against dictionary attacks.
In Proceedings of the 1992 IEEE Symposium on Security and Privacy, Oakland, CA, May 1992.

3
Steven M. Bellovin and Michael Merritt.
Augmented encrypted key exchange.
In Proceedings of the First ACM Conference on Computer and Communications Security, pages 224-250, Oakland, CA, November 1993.

4
Eli Biham.
A Fast New DES Implementation in Software.
In Fast Software Encryption, 4th International Workshop Proceedings, pages 260-271. Springer-Verlag, 1997.

5
Solar Designer.
John the Ripper.
: !:}https://www.false.com/security/john.

6
Electronic Frontier Foundation.
Cracking DES.
O'Reilly and Associates, 1998.

7
Li Gong, T. Mark A. Lomas, Roger M. Needham, and Jerome H. Saltzer.
Protecting poorly chosen secrets from guessing attacks.
IEEE Journal on Selected Areas in Communications, 11(5):648-656, June 1993.

8
Shai Halevi and Hugo Krawczyk.
Public-key cryptography and password protocols.
In Proceedings of the 5th ACM Conference on Computer and Communications Security, 1998.

9
Robert Morris and Ken Thompson.
Password Security: A Case History.
Communications of the ACM, 22(11):594-597, November 1979.

10
National Bureau of Standards.
Data Encryption Standard, January 1977.
FIPS Publication 46.

11
Sarvar Patel.
Number theoretic attacks on secure password schemes.
In Proceedings of the 1997 IEEE Symposium on Security and Privacy, pages 236-247, Oakland, CA, May 1997.

12
QCrack.
: !:}ftp://chaos.infospace.com/pub/qcrack/qcrack-1.02.tar.gz.

13
R. L. Rivest.
The MD5 Message Digest Algorithm.
RFC 1321, Apr 1992.

14
Michael Ruby.
Pseudorandomness and Cryptographic Applications.
Princeton Computer Science Notes, 1996.

15
Bruce Schneier.
Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish).
In Fast Software Encryption, Cambridge Security Workshop Proceedings, pages 191-204. Springer-Verlag, December 1993.

16
Thomas Wu.
The secure remote password protocol.
In Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium, pages 97-111, San Diego, CA, March 1998.

17
Tatu Ylönen.
SSH - secure login connections over the Internet.
In Proceedings of the 6th USENIX Security Symposium, pages 37-42, July 1996.

Niels Provos and David Mazieres
4/28/1999