Human-answerable challenge response login
From: chenshaw (MOVE)
Date: 09/27/03
Date: Sat, 27 Sep 2003 01:08:34 GMT
In an attempt to defeat key sniffers when logging into a PHP web app
from unsecure locations, I have implemented a relatively simple challenge
response system as part of the login sequence. The user is given eight
random digits and must add a key number modulo 10 to each digit in order to
be authenticated. I.e., given a key of 19191919 and a challenge of
58290405, the user must respond with 67381314.
The implementation gives the user one opportunity to answer a given
challenge. If the response is incorrect, the login is rejected and a new
challenge is generated.
Does this authentication system have any glaring vulnerabilities?
-- Coridon Henshaw / http://www3.sympatico.ca/gcircle/csbh
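
The scheme described in the post above, as an added sketch that is not the poster's code (the post shows none, and the original app is PHP; Python is used here). The names expected_response and ChallengeLogin, the in-memory pending-challenge store and the sample user are assumptions made for illustration.

```python
import hmac
import secrets

DIGITS = 8  # challenge length stated in the post


def expected_response(key, challenge):
    """Add each key digit to the matching challenge digit, modulo 10 (no carry)."""
    both = key + challenge
    if len(key) != len(challenge) or not (both.isascii() and both.isdigit()):
        raise ValueError("key and challenge must be digit strings of equal length")
    return "".join(str((int(k) + int(c)) % 10) for k, c in zip(key, challenge))


class ChallengeLogin:
    """One outstanding challenge per user; each challenge can be answered once."""

    def __init__(self, keys):
        self._keys = keys      # user -> key digits (constructed sample data)
        self._pending = {}     # user -> challenge currently outstanding

    def issue(self, user):
        # Fresh random digits from the OS CSPRNG; replaces any older challenge.
        challenge = "".join(str(secrets.randbelow(10)) for _ in range(DIGITS))
        self._pending[user] = challenge
        return challenge

    def verify(self, user, response):
        # pop() consumes the challenge whether or not the answer is right,
        # so a failed login forces a new challenge, as the post describes.
        challenge = self._pending.pop(user, None)
        key = self._keys.get(user)
        if challenge is None or key is None:
            return False
        want = expected_response(key, challenge)
        # Constant-time comparison of the expected and supplied digits.
        return hmac.compare_digest(want.encode(), response.encode())


if __name__ == "__main__":
    # Worked example from the post: key 19191919, challenge 58290405.
    print(expected_response("19191919", "58290405"))
```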