Securing password recovery through dispersion
Jajodia, Sushil; Litwin, Witold; Schwarz, Thomas (2012), Securing password recovery through dispersion, 2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN), proceedings, IEEE, p. 228-233. 10.1109/CASoN.2012.6412407
TypeCommunication / Conférence
Conference title2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN)
Conference citySao Carlos
Book title2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN), proceedings
MetadataShow full item record
Laboratoire d'analyse et modélisation de systèmes pour l'aide à la décision [LAMSADE]
Abstract (EN)Passwords form the Achilles heel of most uses of modern cryptography. Key recovery is necessary to provide continuous access to documents and other electronic assets in spite of possible loss of a password. Key escrow services provide key recovery for the owner, but need to be trusted. Additionally, a user might want to divulge passwords in case of his/her death or incapacitation, but not before. We present here a scheme that uses dispersion to provide trusted escrow services. Our scheme uses secret sharing to disperse password recovery information over several escrow services that authenticate based on a weak password. To protect against dictionary attacks, each authentication attempt takes a noticeable, but tolerable time (e.g. minutes). We achieve this by having the share of the secret be the solution of a puzzle that is solved by brute force in time depending on the number of processors employed. This additionally prevents escrow agencies from optimizing their part in recovering a password by pre-computing and storing their share in a more accessible and hence vulnerable format.
Subjects / KeywordsCloud; Dispersion; Password escrow; Password recovery
Showing items related by title and author.