Improved cryptographic techniques are provided by which a device that
performs private key operations (e.g., signatures and/or decryptions),
and whose private key operations are protected by a password, is
immunized against offline dictionary attacks in case of capture by
forcing the device to confirm a password guess with a designated entity
or party in order to perform a private key operation, and by which the
initiating device may dynamically delegate the password-checking function
(i.e., confirmation of the password guess) from the originally designated
entity or party to another designated entity or party.