{"id":"https://openalex.org/W3196416974","doi":"https://doi.org/10.1109/csr51186.2021.9527961","title":"On Security of Key Derivation Functions in Password-based Cryptography","display_name":"On Security of Key Derivation Functions in Password-based Cryptography","publication_year":2021,"publication_date":"2021-07-26","ids":{"openalex":"https://openalex.org/W3196416974","doi":"https://doi.org/10.1109/csr51186.2021.9527961","mag":"3196416974"},"language":"en","primary_location":{"id":"doi:10.1109/csr51186.2021.9527961","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr51186.2021.9527961","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5012554221","display_name":"Gaurav Kodwani","orcid":null},"institutions":[{"id":"https://openalex.org/I392282","display_name":"University at Albany, State University of New York","ror":"https://ror.org/012zs8222","country_code":"US","type":"education","lineage":["https://openalex.org/I392282"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Gaurav Kodwani","raw_affiliation_strings":["University at Albany,Department of Computer Science,SUNY Albany,NY,USA"],"affiliations":[{"raw_affiliation_string":"University at Albany,Department of Computer Science,SUNY Albany,NY,USA","institution_ids":["https://openalex.org/I392282"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042926496","display_name":"Shashank Arora","orcid":"https://orcid.org/0000-0002-2536-4869"},"institutions":[{"id":"https://openalex.org/I392282","display_name":"University at Albany, State University of New York","ror":"https://ror.org/012zs8222","country_code":"US","type":"education","lineage":["https://openalex.org/I392282"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shashank Arora","raw_affiliation_strings":["University at Albany,Department of Computer Science,SUNY Albany,NY,USA"],"affiliations":[{"raw_affiliation_string":"University at Albany,Department of Computer Science,SUNY Albany,NY,USA","institution_ids":["https://openalex.org/I392282"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5034818486","display_name":"Pradeep K. Atrey","orcid":"https://orcid.org/0000-0002-9577-0969"},"institutions":[{"id":"https://openalex.org/I392282","display_name":"University at Albany, State University of New York","ror":"https://ror.org/012zs8222","country_code":"US","type":"education","lineage":["https://openalex.org/I392282"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Pradeep K. Atrey","raw_affiliation_strings":["University at Albany,Department of Computer Science,SUNY Albany,NY,USA"],"affiliations":[{"raw_affiliation_string":"University at Albany,Department of Computer Science,SUNY Albany,NY,USA","institution_ids":["https://openalex.org/I392282"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5012554221"],"corresponding_institution_ids":["https://openalex.org/I392282"],"apc_list":null,"apc_paid":null,"fwci":0.4079,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.68706557,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"109","last_page":"114"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols Security","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.9308618307113647},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7211484909057617},{"id":"https://openalex.org/keywords/s/key","display_name":"S/KEY","score":0.697687566280365},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.6374355554580688},{"id":"https://openalex.org/keywords/zero-knowledge-password-proof","display_name":"Zero-knowledge password proof","score":0.5997955799102783},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5930454730987549},{"id":"https://openalex.org/keywords/one-time-password","display_name":"One-time password","score":0.5652762651443481},{"id":"https://openalex.org/keywords/password-strength","display_name":"Password strength","score":0.5618636012077332},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.560388445854187},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.5442829132080078},{"id":"https://openalex.org/keywords/password-cracking","display_name":"Password cracking","score":0.534083366394043},{"id":"https://openalex.org/keywords/collision","display_name":"Collision","score":0.5158321261405945},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.47161605954170227},{"id":"https://openalex.org/keywords/password-policy","display_name":"Password policy","score":0.4386245608329773}],"concepts":[{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.9308618307113647},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7211484909057617},{"id":"https://openalex.org/C4957475","wikidata":"https://www.wikidata.org/wiki/Q242186","display_name":"S/KEY","level":3,"score":0.697687566280365},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.6374355554580688},{"id":"https://openalex.org/C188615804","wikidata":"https://www.wikidata.org/wiki/Q8069448","display_name":"Zero-knowledge password proof","level":5,"score":0.5997955799102783},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5930454730987549},{"id":"https://openalex.org/C89479133","wikidata":"https://www.wikidata.org/wiki/Q1137840","display_name":"One-time password","level":3,"score":0.5652762651443481},{"id":"https://openalex.org/C70530487","wikidata":"https://www.wikidata.org/wiki/Q1990841","display_name":"Password strength","level":4,"score":0.5618636012077332},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.560388445854187},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.5442829132080078},{"id":"https://openalex.org/C3847113","wikidata":"https://www.wikidata.org/wiki/Q2746524","display_name":"Password cracking","level":5,"score":0.534083366394043},{"id":"https://openalex.org/C121704057","wikidata":"https://www.wikidata.org/wiki/Q352070","display_name":"Collision","level":2,"score":0.5158321261405945},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.47161605954170227},{"id":"https://openalex.org/C98705547","wikidata":"https://www.wikidata.org/wiki/Q3394687","display_name":"Password policy","level":4,"score":0.4386245608329773}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/csr51186.2021.9527961","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr51186.2021.9527961","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.6000000238418579}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W1515595447","https://openalex.org/W1658032532","https://openalex.org/W1746848557","https://openalex.org/W1799884017","https://openalex.org/W1877381484","https://openalex.org/W2055621644","https://openalex.org/W2066346924","https://openalex.org/W2091948371","https://openalex.org/W2149929743","https://openalex.org/W2160879729","https://openalex.org/W2243922459","https://openalex.org/W2299258129","https://openalex.org/W2399353113","https://openalex.org/W2644662048","https://openalex.org/W2730172711","https://openalex.org/W2916399511","https://openalex.org/W4232136755"],"related_works":["https://openalex.org/W313857503","https://openalex.org/W2611520932","https://openalex.org/W2953105088","https://openalex.org/W2017283799","https://openalex.org/W3131491961","https://openalex.org/W2969720675","https://openalex.org/W4299928509","https://openalex.org/W1995890708","https://openalex.org/W1571454820","https://openalex.org/W2961017089"],"abstract_inverted_index":{"Most":[0],"common":[1],"user":[2,24,37,74],"authentication":[3],"methods":[4],"use":[5],"some":[6],"form":[7],"of":[8,13,50],"password":[9,75],"or":[10],"a":[11,87,91],"combination":[12],"passwords.":[14,83],"However,":[15],"encryption":[16],"schemes":[17],"are":[18,33],"generally":[19],"not":[20],"directly":[21],"compatible":[22],"with":[23,72,79],"passwords":[25,38],"and":[26,52,57],"thus,":[27],"Password-Based":[28],"Key":[29],"Derivation":[30],"Functions":[31],"(PBKDFs)":[32],"used":[34],"to":[35,68,103,111,116,130],"convert":[36],"into":[39],"cryptographic":[40],"keys.":[41],"In":[42],"this":[43],"paper,":[44],"we":[45,64],"analyze":[46],"the":[47,94,106],"theoretical":[48],"security":[49],"PBKDF2":[51,104],"present":[53],"two":[54],"vulnerabilities,":[55],"\u03b3-collision":[56],"\u03b4-collision.":[58],"Using":[59],"AES-128":[60,98,119],"as":[61],"our":[62],"exemplar,":[63],"show":[65],"that":[66,89],"due":[67],"\u03b3-collision,":[69],"text":[70],"encrypted":[71],"one":[73],"can":[76],"be":[77],"decrypted":[78],"\u03b3":[80],"1":[81],"different":[82],"We":[84],"also":[85],"provide":[86],"proof":[88],"finding\u2212":[90],"collision":[92],"in":[93,120],"derived":[95],"key":[96],"for":[97],"requires":[99],"\u03b4":[100],"lesser":[101],"calls":[102],"than":[105],"known":[107],"Birthday":[108],"attack.":[109],"Due":[110],"this,":[112],"it":[113],"is":[114,128],"possible":[115],"break":[117],"password-based":[118],"O(2":[121],"<sup":[122],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[123],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">64</sup>":[124],")":[125],"calls,":[126],"which":[127],"equivalent":[129],"brute-forcing":[131],"DES.":[132]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":2},{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}