Challenge-response Authentication

In computer security, challenge-response authentication relies on the possession of a secret of some sort to perform authentication. A very simple example is asking for a password: the challenge is the request for the password, and the valid response is the correct password. This was adequate in the days before the Internet, when the user could be sure that the system asking for the password was really the system they were trying to access, and that nobody was likely to be eavesdropping on the communication channel to observe the password being entered.

These days, a more sophisticated approach is necessary, involving two-way (mutual) authentication, where both the user and the system must each convince the other that they know the shared secret (the password), without this secret ever being transmitted in the clear over the communication channel, where eavesdroppers might be lurking. The way this is done involves using the password as the encryption key to transmit some randomly generated information as the challenge, whereupon the other end must return as its response a similarly encrypted value which is some predetermined function of the originally offered information, thus proving that it was able to decrypt the challenge. For instance, in Kerberos, the challenge is an encrypted integer N, while the response is the encrypted integer N + 1, proving that the other end was able to decrypt the integer N. Note that the exchange itself does not supply enough information to allow an eavesdropper to deduce what the password is.

The use of information which is randomly generated on each exchange (and where the response is different from the challenge!) guards against the possibility of a replay attack, where a malicious intermediary simply records the exchanged data and retransmits it at a later time to fool one end into thinking it has authenticated a new connection attempt from the other.

More sophisticated algorithms include CRAM-MD5, or ssh's challenge-response system based on RSA (http://www.cag.lcs.mit.edu/~rugina/ssh-procedures/).
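The mutual challenge-response exchange described above, written out as an added example (this code is not from the original article and not from any of the systems it names). Instead of encrypting the challenge with the password, it keys an HMAC-SHA256 with a key derived from the shared password, the same idea CRAM-MD5 uses with HMAC-MD5; the `Server`/`Client` classes, the fixed "client"/"server" labels that keep the two proofs distinct, and the single-use set of outstanding challenges that rejects replays are all assumptions made for the illustration. Both sides contribute a fresh random nonce, so each direction of the exchange is bound to data the verifying party chose itself.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple


def derive_key(password: str) -> bytes:
    """Turn the shared password into a fixed-size MAC key.

    A real deployment would use a salted, slow KDF here; a plain hash is
    enough to show the protocol mechanics.
    """
    return hashlib.sha256(password.encode("utf-8")).digest()


def client_response(key: bytes, server_challenge: bytes, client_nonce: bytes) -> bytes:
    """Client's proof: a MAC over the server's challenge plus its own nonce.

    The "client" label makes this proof unusable as a server proof even if an
    intermediary tried to reflect it back.
    """
    return hmac.new(key, b"client" + server_challenge + client_nonce, hashlib.sha256).digest()


def server_response(key: bytes, client_nonce: bytes, server_challenge: bytes) -> bytes:
    """Server's proof: a MAC over the client's nonce plus its own challenge."""
    return hmac.new(key, b"server" + client_nonce + server_challenge, hashlib.sha256).digest()


class Server:
    """Holds the shared secret and tracks which challenges are still valid."""

    def __init__(self, password: str) -> None:
        self._key = derive_key(password)
        self._outstanding = set()  # challenges issued but not yet answered

    def issue_challenge(self) -> bytes:
        # Fresh randomness on every exchange is what defeats replay.
        challenge = secrets.token_bytes(16)
        self._outstanding.add(challenge)
        return challenge

    def verify_client(self, server_challenge: bytes, client_nonce: bytes,
                      response: bytes) -> Optional[bytes]:
        """Check the client's proof; on success return the server's own proof.

        Returns None for a wrong secret, an unknown challenge, or a replayed
        transcript (each challenge is accepted at most once).
        """
        if server_challenge not in self._outstanding:
            return None
        self._outstanding.discard(server_challenge)  # single use
        expected = client_response(self._key, server_challenge, client_nonce)
        if not hmac.compare_digest(expected, response):  # constant-time compare
            return None
        return server_response(self._key, client_nonce, server_challenge)


class Client:
    """Answers a challenge and then checks that the server knew the secret too."""

    def __init__(self, password: str) -> None:
        self._key = derive_key(password)
        self._nonce = b""

    def answer(self, server_challenge: bytes) -> Tuple[bytes, bytes]:
        self._nonce = secrets.token_bytes(16)
        return self._nonce, client_response(self._key, server_challenge, self._nonce)

    def verify_server(self, server_challenge: bytes, proof: bytes) -> bool:
        expected = server_response(self._key, self._nonce, server_challenge)
        return hmac.compare_digest(expected, proof)


def run_handshake(client: Client, server: Server) -> bool:
    """Full mutual exchange; True only if both sides proved knowledge of the secret."""
    challenge = server.issue_challenge()            # server -> client
    nonce, response = client.answer(challenge)      # client -> server
    proof = server.verify_client(challenge, nonce, response)
    if proof is None:
        return False
    return client.verify_server(challenge, proof)   # server -> client


if __name__ == "__main__":
    print("matching secret:", run_handshake(Client("hunter2"), Server("hunter2")))
    print("wrong secret:   ", run_handshake(Client("guess"), Server("hunter2")))
```

Only random nonces and MAC outputs cross the wire, so a recorded transcript reveals neither the password nor anything that can be resubmitted: the server discards each challenge after its first use, and a replayed `(challenge, nonce, response)` triple is refused.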
