Английская Википедия:Encrypted key exchange

Материал из Онлайн справочника
Версия от 17:29, 3 марта 2024; EducationBot (обсуждение | вклад) (Новая страница: «{{Английская Википедия/Панель перехода}} thumb|upright=1.5|DH-EKE scheme '''Encrypted Key Exchange''' (also known as '''EKE''') is a family of password-authenticated key agreement methods described by Steven M. Bellovin and Michael Merritt.<ref>{{cite conference|author=S. M. Bellovin|author2=M. Merritt|title=Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks|book...»)
(разн.) ← Предыдущая версия | Текущая версия (разн.) | Следующая версия → (разн.)
Перейти к навигацииПерейти к поиску

Файл:EKE scheme.svg
DH-EKE scheme

Encrypted Key Exchange (also known as EKE) is a family of password-authenticated key agreement methods described by Steven M. Bellovin and Michael Merritt.[1] Although several of the forms of EKE in this paper were later found to be flawed Шаблон:Clarify, the surviving, refined, and enhanced forms of EKE effectively make this the first method to amplify a shared password into a shared key, where the shared key may subsequently be used to provide a zero-knowledge password proof or other functions.

In the most general form of EKE, at least one party encrypts an ephemeral (one-time) public key using a password, and sends it to a second party, who decrypts it and uses it to negotiate a shared key with the first party.

A second paper describes Augmented-EKE,[2] and introduced the concept of augmented password-authenticated key agreement for client/server scenarios. Augmented methods have the added goal of ensuring that password verification data stolen from a server cannot be used by an attacker to masquerade as the client, unless the attacker first determines the password (e.g. by performing a brute force attack on the stolen data).

A version of EKE based on Diffie–Hellman, known as DH-EKE, has survived attack and has led to improved variations, such as the PAK family of methods in IEEE P1363.2.

Since the US patent on EKE expired in late 2011, an EAP authentication method using EKE was published as an IETF RFC.[3] The EAP method uses the Diffie–Hellman variant of EKE.

Patents

Шаблон:US patent, owned by Lucent, describes the initial EKE method. It expired in October 2011.
Шаблон:US patent, owned by Lucent, describes the augmented EKE method. It expired in August 2013.

See also

References

Шаблон:Reflist


Шаблон:Cryptography navbox