Abstract
A PAKR (Password-Authenticated Key Retrieval) protocol and its multi-server system allow one party (say, client), who has a memorable password, to retrieve a long-term static key in an exchange of messages with at least one other party (say, server) that has a private key associated with the password. In this paper, we analyze the only PAKR (named as PKRS-1) standardized in IEEE 1363.2 [9] and its multi-server system (also, [12] ) by showing that any passive/active attacker can find out the client’s password and the static key with off-line dictionary attacks. This result contradicts the security claims made for PKRS-1 (see Clause 10.2 of IEEE 1363.2 [9] ).
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
