Abstract
We give the first proof of security for the full Unix password hashing algorithm (rather than of a simplified variant). Our results show that it is very good at extracting almost all of the available strength from the underlying cryptographic primitive and provide good reason for confidence in the Unix construction.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
M. Bellare, J. Kilian, P. Rogaway, “The Security of the Cipher Block Chaining Message Authentication Code,” CRYPTO’ 94, Springer-Verlag, 1994.
M. Bellare, R. Canetti, H. Krawczyk, “Keying hash functions for message authentication,”, CRYPTO’ 96, Springer-Verlag, 1996.
M. Bishop, D.V. Klein, “Improving system security via proactive password checking,” Computers & Security, vol.14, (no.3), 1995, pp.233–249.
Electronic Frontier Foundation, Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design, O’Reilly, 1998.
D.C. Feldmeier and P.R. Karn, “UNIX password security-ten years later.” CRYPTO’ 89, Springer-Verlag, 1990, pp.44–63.
O. Goldreich, “Foundations of Cryptography (Fragments of a Book),” Chapter 3.
S. Goldwasser, M. Bellare, “Lecture Notes on Cryptography,” available online from http://www-cse.ucsd.edu/users/mihir/papers/gb.html.
J. Hastad, R. Impagliazzo, L.A. Levin, M. Luby, “A pseudorandom generator from any one-way function,” SIAM Journal on Computing, vol.28 no.4, 1999.
J. Hietaniemi, “ipasswd-proactive password security,” Proc. 6th Systems Administration Conf. (LISA VI), USENIX Association, 1992, pp.105–114.
R. Impagliazzo and D. Zuckerman, “How to Recycle Random Bits,” FOCS’ 89, IEEE Press, 1989.
D.V. Klein, “Foiling the cracker: a survey of, and improvements to, password security,” USENIX Workshop Proceedings: UNIX Security II, USENIX Assoc., 1990.
M. Luby, C. Racko., “A study of password security,” CRYPTO’ 87, Springer-Verlag, 1988.
M. Luby, C. Racko., “A study of password security,” J. Cryptology, vol. 1 no. 3, 1989.
R. Morris, K. Thompson, “Password security: a case history,” Communications of the ACM, vol. 22, no. 11, Nov. 1979.
T. Wu, “A real-world analysis of Kerberos password security,” Proc. 1999 Network and Distributed System Security Symp., Internet Soc., 1999, pp.13–22.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wagner, D., Goldberg, I. (2000). Proofs of Security for the Unix Password Hashing Algorithm. In: Okamoto, T. (eds) Advances in Cryptology — ASIACRYPT 2000. ASIACRYPT 2000. Lecture Notes in Computer Science, vol 1976. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44448-3_43
Download citation
DOI: https://doi.org/10.1007/3-540-44448-3_43
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41404-9
Online ISBN: 978-3-540-44448-0
eBook Packages: Springer Book Archive