SB 13: Development of Authentication and protocols Flashcards
What is a one-time password?
A password that is valid for only one login session or transaction. Because a captured OTP cannot be reused once it has been consumed, OTPs resist replay attacks in a way that static, reusable passwords do not.
Implementations:
1. SMS
2. Hardware token
3. Soft token -> an app on a mobile phone
Downside: an OTP delivered over a channel such as SMS can be intercepted or rerouted (e.g. via SIM swapping), and the devices that generate or receive OTPs can get lost or break.
Describe the challenge-response method
Because passwords are reusable, they are susceptible to replay attacks (among others). One alternative to passwords is for the system to send a challenge (e.g. a fresh random message) to the entity trying to authenticate; the entity must compute and return the correct response. Both the system and the entity share a secret function (in practice a keyed function such as an HMAC with a shared key) used to compute the response from the challenge. Since each challenge is fresh and used only once, a captured response is useless for a later login.
What is hardware supported challenge-response?
- General purpose: a computer or token provides mechanisms for hashing and/or enciphering information. The system sends a challenge, the user enters it into the device, and the device returns the appropriate response, which the user sends back to the system. Can be combined with further identification (e.g. a PIN that unlocks the device).
- Special purpose, temporally based: the token displays a number derived from the current time and a secret shared with the system. To authenticate, the user provides a login name, the number currently displayed, and a password.
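The challenge-response exchange described above, and the general-purpose token that computes the response for the user, as an added example (not code from the original flashcards). The server issues a random challenge, remembers it with an issue time, and accepts a response only once and only before the challenge expires; the response is an HMAC-SHA256 over the challenge and the user name under a secret shared with the user's token. The class names `Server` and `Token`, the `ttl` parameter and the demo user `alice` are this example's own assumptions, and the shared secret is a constructed value.

```python
import hashlib
import hmac
import os


def compute_response(secret: bytes, user: str, challenge: bytes) -> bytes:
    """The shared secret function: HMAC-SHA256 over user name and challenge.
    Binding the user name in prevents a response for one account from being
    presented for another account that happens to share a secret."""
    return hmac.new(secret, user.encode() + challenge, hashlib.sha256).digest()


class Token:
    """A general-purpose token: the user types the challenge in, the token
    applies the secret function and shows the response to send back."""

    def __init__(self, user: str, secret: bytes):
        self.user = user
        self.secret = secret

    def respond(self, challenge: bytes) -> bytes:
        return compute_response(self.secret, self.user, challenge)


class Server:
    """Verifier side. Each challenge is random, bound to one user, single-use,
    and valid only for `ttl` seconds after issue."""

    def __init__(self, users: dict, ttl: int = 60):
        self.users = users          # user name -> shared secret
        self.ttl = ttl
        self.pending = {}           # user name -> (challenge, issued_at)

    def issue_challenge(self, user: str, now: int) -> bytes:
        challenge = os.urandom(16)  # fresh, unpredictable challenge
        self.pending[user] = (challenge, now)
        return challenge

    def verify(self, user: str, response: bytes, now: int) -> bool:
        record = self.pending.pop(user, None)  # pop: a challenge is consumed on first use
        if record is None or user not in self.users:
            return False
        challenge, issued_at = record
        if now - issued_at > self.ttl:
            return False  # stale challenge, even if the response is correct
        expected = compute_response(self.users[user], user, challenge)
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    """Runs one legitimate login and three attacks; returns the outcomes."""
    secret = b"constructed-shared-secret-for-alice"
    server = Server({"alice": secret}, ttl=60)
    token = Token("alice", secret)

    challenge = server.issue_challenge("alice", now=0)
    response = token.respond(challenge)
    ok = server.verify("alice", response, now=1)
    # 1) resend the captured response against the already-consumed challenge
    replay_same = server.verify("alice", response, now=2)
    # 2) present the captured response against a fresh challenge
    server.issue_challenge("alice", now=3)
    replay_new = server.verify("alice", response, now=4)
    # 3) a correct response that arrives after the challenge has expired
    late_challenge = server.issue_challenge("alice", now=10)
    late = server.verify("alice", token.respond(late_challenge), now=100)
    return {"login": ok, "replay_same": replay_same,
            "replay_new": replay_new, "expired": late}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {'accepted' if result else 'rejected'}")
```

The special-purpose, time-based token on the card is the same idea with the clock standing in for the challenge, which is why it needs no channel from system to token; the trade-off is that the server must then guard against reuse within a time step itself rather than relying on a fresh challenge.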