Password-Based Authentication: Preventing Dictionary Attacks.

The article discusses protocols for preventing attacks on password-based computer authentication. The use of passwords on insecure communication channels such as the Internet can allow others to eavesdrop and learn passwords. Challenge-response protocols have been established to protect passwords by requiring users to answer a challenge prior to password verification. A password-based encrypted key exchange uses session keys to prevent password attacks. A secure remote password (SRP) combines zero-knowledge proofs and asymmetric key-exchange protocols. Though the standard model of key exchange is utilized in cryptography, alternative models use block ciphers in place of ideal ciphers. Reverse Turing tests (RTT) prevent automated programs from stealing passwords.