Re: Searching for a special challenge&response algorithm
 From: "David Sharpe" <nimnio@xxxxxxxxx>
 Date: 1 May 2006 19:30:46 0700
Ah, I think I see what you are looking for now. Tell me if this looks
about right:
Completion of the challenge problem takes a long time if you don't
know the backdoor.
Challenge completion gives access to the authentication function (a
password request).
The server knows the backdoor and the password.
_______________________________
Server: "Here's a math problem. It's really hard, but you can
solve it." (ANYONE can solve the challenge function, but the server
can do it quickly because it knows the backdoor).
* Time passes.*
Attacker: "Ah ha! I figured out that problem you gave me!"
Server: "Good, now what's thepassword?"
Attacker: "Uh... One  two  three."
Server: "Wrong. Here's another math problem." (The backdoor will
work on this new problem too)?
_______________________________
I only understood after your most recent reply which explained some of
the loose variables: there is only one account (with one password) to
which everyone is trying to gain access, and the IP information is not
usable (in this case).
I do still like Mr. Moreno's solution, albeit there looks to be some
implementation hurdles in regards to random key and challengemessage
generation, especially considering that the server would need to do
this every authentication request. On the other hand, in any solution
there is going to need to be some random challenge generation (given
the general form of the algorithm as explained above)...
Thank you for your patience.
.
 References:
 Re: Searching for a special challenge&response algorithm
 From: David Sharpe
 Re: Searching for a special challenge&response algorithm
 From: Jan Peter Stotz
 Re: Searching for a special challenge&response algorithm
 Prev by Date: Re: JSH: Factoring problem, trivial?
 Next by Date: I Wanted Some Feedback On A Cipher...
 Previous by thread: Re: Searching for a special challenge&response algorithm
 Next by thread: Re: gnupg rsa question // why use e of 41 ?
 Index(es):
Relevant Pages
