Re: Sign On Authentication

From: kurt wismer (kurtw_at_sympatico.ca)
Date: 08/16/05


Date: Tue, 16 Aug 2005 07:50:16 -0400

Ari Silversteinn wrote:
> On Mon, 15 Aug 2005 20:04:39 -0400, Barry Margolin wrote:
[snip]
>>Isn't this normally done with a username and password prompt? It can be
>>improved with token-based authentication like SecurID or Defender.
>
> Thanks, Barry, for the reply. A user name and prompt can be passed from Bob
> X to Charles Y and Charles Y can then take the test for Bob X.

there are very few things you can use for authentication that are
non-transferable...

even if you were to use one, how would you prevent the situation where
bob enrolls using charles' authentication data?

or maybe charles will just be sitting in the background giving bob the
answers... even if you do manage to authenticate the person, i don't see
a viable means of verifying that they don't have any unauthorized aids
at their disposal...

> Token based authentication, this I am inexperienced or confused as to your
> interpretation.

3 basic authentication schemes - what you know (password), what you have
(token), or what you are (biometric)...

token based authentication involves presenting a security token (one
assigned to you) to a token reader to authenticate yourself with -
however it's transferable just like passwords are...

-- 
"they threw a rope around yer neck to watch you dance the jig of death
then left ya for the starvin' crows, hoverin' like hungry whores
one flew down plucked out yer eye, the other he had in his sights
ya snarled at him, said leave me be - i need the bugger so i can see"
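
The transferability point made in the message above, as an added example that is not part of the original post: a time-based one-time-password check (RFC 6238 TOTP, used here as a stand-in for the proprietary SecurID and Defender tokens named in the thread). The seed, the function names and the Bob/Charles login attempts are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)

# Constructed sample seed (the RFC 6238 SHA-1 test key), standing in for the
# secret stored inside the token that was issued to Bob.
BOB_TOKEN_SEED = b"12345678901234567890"

def totp(seed: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) over the current time-step counter."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_verify(enrolled_seed: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept a code from the current step or `window` steps either side.

    The only inputs are the enrolled seed, the submitted code and the clock:
    nothing here describes the person who typed the code.
    """
    for drift in range(-window, window + 1):
        t = unix_time + drift * STEP
        if t >= 0 and hmac.compare_digest(totp(enrolled_seed, t), code):
            return True
    return False

def login_attempt(holder: str, seed_in_hand: bytes, unix_time: int) -> dict:
    """Whoever physically holds a token reads off its code and submits it."""
    code = totp(seed_in_hand, unix_time)
    return {"typed_by": holder, "code": code,
            "accepted_as_bob": server_verify(BOB_TOKEN_SEED, code, unix_time)}

if __name__ == "__main__":
    now = 59  # constructed timestamp (an RFC 6238 test-vector time)
    print(login_attempt("bob", BOB_TOKEN_SEED, now))
    print(login_attempt("charles, holding bob's token", BOB_TOKEN_SEED, now))
    print(login_attempt("charles, some other token", b"some-other-seed-0000", now))
```

The first two attempts produce the same code and the same server decision; only the third, made without Bob's token, is rejected.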

