![Page 2: The PAK proposal for sacred WG Alec Brusilovsky abrusilovsky@lucent.com](https://reader037.vdocuments.site/reader037/viewer/2022091118/56649f145503460f94c28e75/html5/thumbnails/2.jpg)
Wednesday, August 3, 20052
Sacred WGIETF 63, Paris, France
Wish list
Mutual authentication based on just a pre-shared, human-memorizable password.
Fulfillment of the need to guard against a man-in-the-middle and against offline dictionary attack.
Simplicity and openness, to promote widespread adoption and to minimize flaws.
PAK (Password Authenticated Key exchange)– satisfies all of the above
– is proposed as a new work item for sacred
![Page 3: The PAK proposal for sacred WG Alec Brusilovsky abrusilovsky@lucent.com](https://reader037.vdocuments.site/reader037/viewer/2022091118/56649f145503460f94c28e75/html5/thumbnails/3.jpg)
Wednesday, August 3, 20053
Sacred WGIETF 63, Paris, France
Why PAK?
Provides strong key exchange with weak passwords
Foils the man-in-the-middle attack
Provides explicit mutual authentication
![Page 4: The PAK proposal for sacred WG Alec Brusilovsky abrusilovsky@lucent.com](https://reader037.vdocuments.site/reader037/viewer/2022091118/56649f145503460f94c28e75/html5/thumbnails/4.jpg)
Wednesday, August 3, 20054
Sacred WGIETF 63, Paris, France
Diffie-Hellman Key Exchange (1976) a refresher
Alice Bob
• Global public: x and y – primes y < x • Alice’s Key generation: Select private Ra; Ra < x Calculate public yRamod x
• Bob’s Key generation: Select private Rb; Rb < x Calculate public yRamod x
• Alice’s Key = Bob’s Key
(yRa)Rb mod x = (yRb)Ra mod x
K=(yRb)Ra mod x K=(yRa)Rb mod x
yRa mod x
yRb mod x
![Page 5: The PAK proposal for sacred WG Alec Brusilovsky abrusilovsky@lucent.com](https://reader037.vdocuments.site/reader037/viewer/2022091118/56649f145503460f94c28e75/html5/thumbnails/5.jpg)
Wednesday, August 3, 20055
Sacred WGIETF 63, Paris, France
PAK – an extension of the Diffie-Hellman Key Exchange
Alice Bob
Global public: x and y – primes, y < x
K=(yRb)Ra mod x K=(yRa)Rb mod x
yRa mod x
yRb mod x
K=HASH’’(PW, yRb*Ra mod x )K=HASH’’(PW, yRb*Ra mod x )
HASH(PW) * yRamod x
HASH’(PW) * yRbmod x Alice and Bob share password PW
![Page 6: The PAK proposal for sacred WG Alec Brusilovsky abrusilovsky@lucent.com](https://reader037.vdocuments.site/reader037/viewer/2022091118/56649f145503460f94c28e75/html5/thumbnails/6.jpg)
Wednesday, August 3, 20056
Sacred WGIETF 63, Paris, France
PAK – Password Authenticated Key Exchange Protocol (details omitted)
Alice Bob
K=HASH(3,PW, yRbRa mod x) K=HASH(3,PW, yRaRb mod x)
HASH(PW) * (yRa mod x)
HASH(PW) * (yRb mod x), S1
Alice and Bob share password PW
S2
S2 = HASH(2, PW, yRb mod x, yRa mod x, yRaRb mod x)
S1 = HASH(1, PW, yRa mod x, yRb mod x, yRaRb mod x)
K=HASH(3,PW, yRbRa mod x)
K=HASH(3,PW, yRaRb mod x)
![Page 7: The PAK proposal for sacred WG Alec Brusilovsky abrusilovsky@lucent.com](https://reader037.vdocuments.site/reader037/viewer/2022091118/56649f145503460f94c28e75/html5/thumbnails/7.jpg)
Wednesday, August 3, 20057
Sacred WGIETF 63, Paris, France
Plan9 – implementation of PAK
Plan 9 is distributed in an open source manner:
http://plan9.bell-labs.com/plan9dist/license.html
The particular algorithm used in Plan 9 is PAK. PAK is a seemingly obvious tweak to Diffie-Hellman
To download plan 9 go to:
http://plan9.bell-labs.com/plan9dist/download.html