David Jablon's Research Papers on Password-based Cryptography
| [Jab96] |
D. Jablon, Strong Password-Only Authenticated Key Exchange Computer Communication Review, ACM SIGCOMM, vol. 26, no. 5, pp. 5-26, October 1996. ACM copy Author's copy: jab96.pdf Errata: See the revised version: March 2, 1997 (formerly available at www.integritysciences.com and world.std.com/~dpj/), which discusses the "password-in-exponent" attack found for one form of [Jab96]-SPEKE, discovered by Gong, Langford, Jablon, and others. This was also discussed in [Jab97]. |
| [Jab97] |
D. Jablon, Extended Password Key Exchange Protocols Immune to Dictionary Attacks Proceedings of the Sixth Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET-ICE '97), IEEE Computer Society, June 18-20, 1997, Cambridge, MA, pp. 248-255. IEEE copy Author's copy: jab97.pdf Errata: On page 4, the suggestion that "g=S2, and S=h(gC)" is impossible. |
| [Jab01] |
D. Jablon, Password Authentication Using Multiple Servers, LNCS 2020: Topics in Cryptology -- CT-RSA 2001, April 8-12, 2001 Proceedings, pp. 344-360, 2001, Springer-Verlag. Springer copy Author's copy: jab01.pdf Errata: (1) This paper refers to the Sep. 2001 version of [FK00], and mistakenly attributes to it a limitation of the June 2001 presentation version. The June version required a server-authenticated channel, but the Sep. version eliminated that requirement. (2) On p. 10 and following, proofPKm should equal "h(Km || gP)", instead of "h(Km || g)". |
See also my comprehensive list of Research Papers on Password-based Cryptography.