{"draft":"draft-shin-augmented-pake-15","doc_id":"RFC6628","title":"Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2","authors":["S. Shin","K. Kobara"],"format":["ASCII","HTML"],"page_count":"20","pub_status":"EXPERIMENTAL","status":"EXPERIMENTAL","source":"IETF - NON WORKING GROUP","abstract":"This document describes an efficient augmented password-only\r\nauthentication and key exchange (AugPAKE) protocol where a user\r\nremembers a low-entropy password and its verifier is registered in\r\nthe intended server.  In general, the user password is chosen from a small set\r\nof dictionary words that allows an attacker to perform exhaustive\r\nsearches (i.e., off-line dictionary attacks).  The AugPAKE protocol described\r\nhere is secure against passive attacks, active attacks, and off-line\r\ndictionary attacks (on the obtained messages with passive\/active attacks), and\r\nalso provides resistance to server compromise (in the context of augmented\r\nPAKE security).  In addition, this document describes how the AugPAKE\r\nprotocol is integrated into the Internet Key Exchange Protocol version 2\r\n(IKEv2).  This document defines an Experimental Protocol for the Internet\r\ncommunity.","pub_date":"June 2012","keywords":["PAKE","augmented PAKE","off-line dictionary attacks","resistance to server compromise"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC6628","errata_url":null}