Abstract
Password is commonly used to protect Bitcoin wallet, the most known application of blockchain. In this paper, we investigate a subtle issue when forgetting password: The account owner uses guessed passwords during the authentication with a service provider. This is different from password guessing by cyber attackers, because passwords guessed by the account owner are (most likely) his/her passwords (or their minor variations) registered with other service providers. Thus, the confidentiality of incorrect passwords in unsuccessful authentication needs protection. To capture this security requirement, we define two security goals: Indistinguishability of Incorrect Passwords (IND-PW) and Unextractablility of Incorrect Passwords (UNE-PW). Our analysis shows that: (1) IND-PW is NOT achievable if password is the only authentication credential of the client, and (2) Two common authentication methods in online services, Basic and Digest Access Authentication (in conjunction with SSL), CANNOT provide UNE-PW.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
