Learn More
Password-based mechanism is the widely used method for authentication since it allows people to choose their own passwords without any assistant device to generate or store. However, people are used to choose easy-to-remember passwords such that guessing attacks could succeed. In 1992, Bellovin and Merritt proposed <i>Encrypted Key Exchange</i> (EKE)(More)
Three-party EKE was proposed to establish a session key between two clients through a server. However, three-party EKE is insecure against undetectable on-line and off-line password guessing attacks. In this paper, we first propose an enhanced three-party EKE to withstand the security risk in three-party EKE. We also propose a verifier-based three-party EKE(More)
— Three-party key-exchange protocols with password authentication — clients share an easy-to-remember password with a trusted server only — are very suitable for applications requiring secure communications between many lightweight clients (end users); it is simply impractical that every two clients share a common secret. In 1995, Steiner, Tsudik and(More)