Analysing Password Protocol Security Against Off-line Dictionary Attacks

We study the security of password protocols against off-line dictionary attacks. In addition to the standard adversary abilities, we also consider further cryptographic advantages given to the adversary when considering the password protocol being instantiated with particular encryption schemes. We work with the applied pi calculus of Abadi and Fournet, in which we present novel equational theories to model the (new) adversary abilities.These new abilities are crucial in the analysis of our case studies, the Encrypted Password Transmission (EPT) protocol of Halevi and Krawczyk, and the well-known Encrypted Key Exchange (EKE) of Bellovin and Merritt. In the latter, we find an attack that arises when considering the ability of distinguishing ciphertexts from random noise. We propose a modification to EKE that prevents this attack.