Version v0.4
lecture: Modern cryptographic password and authentication methods
A look at the SPHINX and OPAQUE protocols
Passwords are hard, websites still authenticate using hashes of them. We can do much better, i'll show how.
I'm gonna present the SPHINX protocol which implements a external password store in which all but the users host can be controlled by an adversary and yet it remains secure as long as the Discrete Log problem is unsolved and can only be attacked with a brute-force attack. This model provides resistance against the strongest attacker model which does not control the users device on which the user enters their password. And even if there is a keylogger on the users device, the password is useless without the contribution of the external password storage.
The OPAQUE protocol provides a strong cryptographic framework in which the authenticating server never sees the password of a user, and an attacker compromising this server has negligible chances of recovering any authentication tokens from a user database. The only drawback of this protocol is that it needs two rounds to authenticate both peers, apart from that it should be the protocol replacing all (hashed) password databases.
A combination of the SPHINX and the OPAQUE protocol creates an authentication mechanism where the only significant point of attack is the users host, and even in that case only passwords/authentication tokens are compromised which are actively captured by keyloggers.
Speakers
stf |