Re: Searching for a special challenge&response algorithm
- From: Unruh <unruh-spam@xxxxxxxxxxxxxx>
- Date: 29 Apr 2006 17:54:35 GMT
Jan Peter Stotz <jp_news@xxxxxx> writes:
Carlos Moreno schrieb:
Sorry, DoS is the wrong description. I had something more similar to an SSH
brute force attack in mind.
Ok. A tiny nitpick: SSH login attempts do not constitute a brute
force attack -- that falls more in the category of a dictionary
attack (they're not trying all possible names with all possible
passwords -- they're only trying a list of the commonly used
combinations).
Ok, but then -- a C-R implies that you're simply trusting a remote
user as soon as they prove to you that they know the right password;
so, there's nothing that the protocol or the implementation can do
about it; if the passwords *can be guessed*, then the remote
attacker will be able to log in.
All passwords can be guessed. It is just a matter of time (theoretically).
The solution is: make the passwords non-guessable. Restrict the
frequency with which logins may be attempted (with configurable
exceptions, so that "privileged" IP addresses can always attempt
the login).
That is exactly what I want to do, but not on a per-IP basis (maybe
additionally to it) but with the outlined c-r algorithm.
You can also do what people do with SSH: do not use password
authentication at all -- use public-key authentication;
Thanks but I already know that. The problem is that I don't want to secure
SSH - I am just looking for an algorithm which could slow down password
guessing/brute force attacks on a more general level.
I got the idea while studying PKCS#5 (algorithm for deriving crypto-keys
from a password). It slows down password guessing/brute force attacks by
No, that is to prevent off line password guessing. Online if you want to
slow things down the server can always do that. Put in a 30 sec wait before
informing the far side that the password guess is correct/incorrect.
I.e., active password guessing is not a problem that making it difficult to
calculate can solve. That is useful for offline attacks where they know the
hash and want to know what password corresponds to that hash.
adding 1000+ encryption rounds. Applying PKCS#5 to the usual c-r
implementations the random number sent from the server to the client would
be the password and the PKCS#5-password-derived-key would be the correct
response. The only problem is that testing the response if it is the right
one needs the same steps as creating it (on the client side). This makes it
unusable for a client-server scenario for c-r.
So I am searching for a replacement algorithm. It should act like a
backdoor-function (mathematically). The server has the secret for using
this backdoor - the client doesn't have it. The server only grants access
to the authentication function to clients which successfully applied the
backdoor-function to the challenge. Because of the missing secret the
client can not use the backdoor and has to use therefore much CPU power to
compute the function. The server knows the secret and can compute the
result quite easily. When the client returns the response to the challenge
the server compares it with its own computation and grants access to the
authentication method if it is equal to the result computed by the server.
That is what I want to achieve...
Jan.
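
Added example, not part of the thread: one known construction with the asymmetry asked for above is the Rivest-Shamir-Wagner time-lock puzzle (repeated squaring modulo N = p*q), which the thread itself does not name. The function names, the work factor and the two demo primes are assumptions made for this sketch.

```python
import hmac
import secrets
from math import gcd

# Constructed demo primes (two Mersenne primes, publicly known). A real server
# would generate random secret primes of 1024+ bits each.
P = 2**107 - 1
Q = 2**127 - 1
N = P * Q                    # public modulus, sent along with the challenge
PHI = (P - 1) * (Q - 1)      # server-only secret: the "backdoor"


def make_challenge(t):
    """Server: random base x coprime to N, plus work factor t (squarings)."""
    while True:
        x = secrets.randbelow(N - 3) + 2
        if gcd(x, N) == 1:
            return x, t


def solve_slow(x, t, n=N):
    """Client: compute x^(2^t) mod n by t sequential squarings.
    Without PHI there is no known shortcut, and the steps do not parallelise."""
    y = x % n
    for _ in range(t):
        y = y * y % n
    return y


def solve_fast(x, t):
    """Server: Euler's theorem lets it reduce the exponent 2^t modulo PHI,
    so the cost is two modular exponentiations regardless of t."""
    e = pow(2, t, PHI)
    return pow(x, e, N)


def verify(x, t, response):
    """Server: recompute cheaply and compare in constant time."""
    if not isinstance(response, int) or not 0 <= response < N:
        return False
    size = (N.bit_length() + 7) // 8
    return hmac.compare_digest(solve_fast(x, t).to_bytes(size, "big"),
                               response.to_bytes(size, "big"))


if __name__ == "__main__":
    x, t = make_challenge(200_000)       # client pays 200,000 squarings
    print("accepted:", verify(x, t, solve_slow(x, t)))
```

Each challenge should be single-use and tied to one connection, and, as the reply above points out, a server-side delay already throttles online guessing without any client work.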