Talk:Zero-knowledge password proof

From Wikipedia, the free encyclopedia

Technique

This article does not tell what I would like to know: how exactly it is possible to be sure I know the password without knowing the password. Yecril 19:59, 28 July 2007 (UTC)

In banking

To authenticate yourself to at least one of the banks in the UK, you are asked to provide a certain letter from your password (i.e., the first, or the seventh, or both). In that case, the password is never revealed, but the call center worker can verify that the letters are correct. Dutchdavey 12:18, 3 September 2007 (UTC)

HSBC use this authentication method (i.e., the first digit, and third and last) BUT is this really ZKPP? It doesn't seem like it to me because you have gained some knowledge of the password. After a few iterations you would have the entire password. If it isn't, then is there a real-world example that is equivalent to the people walking into the caves and coming out of path A or B thing? —Preceding unsigned comment added by 81.105.68.11 (talk) 08:41, 11 November 2007 (UTC)
I don't think it's Zero Knowledge at all. To be able to verify any letter the bank would need to know the entirety of the password in the first place. I think an example of ZK would be if the bank sends a nonce that you have to sign with your private key, and the bank only has your public key. --Joancharmant (talk) 13:14, 6 March 2014 (UTC)

Re-direct

I deleted the old page and simply put in a link to password-based authentication. I am a cryptographer and have never seen the terminology "zero-knowledge password proof" in the technical literature, nor is it clear to me how it would be any different from what is already achieved by password-based key-exchange protocols. —Preceding unsigned comment added by 128.8.131.12 (talk) 23:36, 14 February 2008 (UTC)

Not notable

I still maintain that the terminology "ZKPP" is never used in the technical literature. (Or, if it is used, it is not common.) Again, as far as I am aware a ZKPP as referred to by this article is equivalent to password-authenticated key exchange. —Preceding unsigned comment added by 128.8.131.12 (talk) 20:44, 26 February 2008 (UTC)

Notable

Most of the "old page" content that was deleted by 128.8.131.12 has been reverted. Some content was left deleted, as being unnecessarily duplicative of the content of password-authenticated key exchange (PAKE). However, the term ZKPP clearly deserves a page of its own since it is not a synonym of PAKE; rather, a ZKPP is merely one of the things that may be provided by a PAKE protocol, other things being mutual authentication and key exchange. Similarly, zero-knowledge proof is not a synonym for commitment scheme. A literature reference has been added from a technical standard. The parenthetical remark about ZKPPs not being "zero knowledge" was replaced with a more accurate statement about how a ZKPP and a ZKP are the same, and how a ZKPP differs from other kinds of zero-knowledge proofs. — Preceding unsigned comment added by 72.72.33.235 (talk) 23:20, 12 October 2008 (GMT)

A ZKPP is decidedly not the same as a zero-knowledge proof. The problems being considered are different, and a ZKPP does not technically satisfy either the semantics or the security properties of a ZKP. (A ZKP proves membership in a language to any verifier, while a ZKPP proves knowledge of a shared password to a second party who also shares that same password.) —Preceding unsigned comment added by 192.76.146.141 (talk) 10:40, 4 December 2008 (UTC)
How could it have been any duplication "of the content of password-authenticated key exchange (PAKE)", when said article doesn't exist, and appears to have never existed (no entry in its deletion logs)?! A search for the term, however, reveals the more broad article on password-authenticated key agreement, but it doesn't even have a dedicated section for "PAKE". -- Jokes Free4Me (talk) 18:08, 28 June 2013 (UTC)