Re: Randomly-generated challenge method ?
From: O.L. (nowhere_at_invalid.net)
Date: 10/20/05
- Previous message: brian_james_kirby_at_hotmail.com: "Re: Stream Cipher for encypting voice traffic"
- In reply to: Gregory G Rose: "Re: Randomly-generated challenge method ?"
- Next in thread: Unruh: "Re: Randomly-generated challenge method ?"
- Reply: Unruh: "Re: Randomly-generated challenge method ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 20 Oct 2005 11:40:09 +0200
Le 19/10/2005, Gregory G Rose a supposé :
> I guess I'm misunderstanding what you're trying to
> do here. See comments below.
>
> In article <mn.9b967d5a54f8c207.18740@invalid.net>,
> O.L. <nowhere@invalid.net> wrote:
>> I thought about a secure method of authentication based on a simple
>> password (memorizable by a human).
>> This method uses hazard to increase the authentication process
>> duration, and so to prevent attackers from quickly break the encryption
>> by brute force. The computation duration can be easily set by
>> increasing or decreasing the challenge string length.
>>
>> 1) The user sends his password (ie: "azerty") to the server
>
> Isn't this the real problem? The user just sent
> his cleartext password... any eavesdropper now
> knows it.
Oops ! I made a mistake ... when I wrote this message !
The user sends his USERNAME, not his password.
Then the server get this USERNAME, look in his DB to find the
associated password ...
-- Olivier Ligny Créateur web free-lance / www.cyber-tamtam.net
- Previous message: brian_james_kirby_at_hotmail.com: "Re: Stream Cipher for encypting voice traffic"
- In reply to: Gregory G Rose: "Re: Randomly-generated challenge method ?"
- Next in thread: Unruh: "Re: Randomly-generated challenge method ?"
- Reply: Unruh: "Re: Randomly-generated challenge method ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
