Speaker: Dan Brown, Certicom
Title: Passmaze: Secure User Key Retrieval
Abstract:
Passwords succumb too easily to both dictionary search and
malicious prompt attacks. Passmaze, a new protocol, aims to thwart
both these attacks. Its user secrets have a more entropy than
passwords typically do, preventing dictionary attacks. Users can
also authenticate the site, preventing malicious prompt attacks.
Servers or clients can help a user retrieve a digital signature key,
yet they cannot attack the key, which is useful for roaming
non-repudiation. (Eprint at http://eprint.iacr.org/2005/434)