SB 13: Development of Authentication and protocols Flashcards

1
Q

What is a one-time password?

A

A password that is valid for only one session or transaction. An advantage is that one-time passwords are not vulnerable to replay attacks.

Implementations:
1. SMS
2. Hardware token
3. Soft token (apps on a mobile phone)

Downside: they can be intercepted and rerouted, or the devices used to generate the OTP can get lost or break.

2
Q

Describe the challenge-response method

A

Because passwords are reusable, they are susceptible to replay attacks (among others). One alternative to passwords is to authenticate by having the system send a challenge (e.g. in the form of a random message) to the entity trying to authenticate itself. The entity needs to respond to the challenge. Both the system and the entity have a secret function that is used to compute the response to the challenge.

3
Q

What is hardware supported challenge-response?

A

  1. General-purpose: a general-purpose computer (token) provides mechanisms for hashing and/or enciphering information. The system sends a challenge that the user enters into the device, which returns the appropriate response. Can be combined with further identification.
  2. Special-purpose, temporally based: to authenticate, the user provides a login, then the number displayed and a password.