In many applications, the password is sent as cleartext to the server to be authenticated thus providing the eavesdropper with opportunity to steal valuable data. This paper presents a simple protocol based on zero knowledge proof by which the user can prove to the authentication server that he has the password without having to send the password to the server as either cleartext or in encrypted format. Thus the user can authenticate himself without having to actually reveal the password to the server. Also, another version of this protocol has been proposed which makes use of public key cryptography thus adding one more level of security to the protocol and enabling mutual authentication between the client & server.
"ZERO KNOWLEDGE PASSWORD AUTHENTICATION PROTOCOL,"
International Journal of Communication Networks and Security: Vol. 1
, Article 8.
Available at: https://www.interscience.in/ijcns/vol1/iss4/8