The present invention relates generally to password-based authentication, and more specifically to password-based authentication in plural-server systems whereby access to a resource is controlled in dependence on authentication of user passwords by the server system.
Passwords are still the most prevalent mechanism for user authentication in data processing systems. In conventional password-based authentication systems, users connect to a server which controls access to the protected resource and maintains a database of user IDs, e.g. user names, with their associated user passwords stored in simple hashed form. To authenticate a user, the server verifies if a password newly-supplied by the user yields the same hash value. If the access control server is compromised, however, user passwords are vulnerable to offline attacks using dictionaries or brute-forcing of the message space. As current graphical processors can test many billions of combinations per second, security should be considered lost as soon as an offline attack can be mounted against the password data.
To reduce exposure to an offline attack through server compromise, password-based authentication can be performed by a plurality of servers. Authentication data can be split between servers, and the user then interacts with all servers in the authentication protocol since information of all servers is required for authentication. This improves security, as more than one server must be hacked for user passwords to be compromised. One example of a two-server authentication system is described in “A New Two-server Approach for Authentication with Short Secrets”, Brainard et al., USENIX 2003.