Re: public key password authentication



Hallvard B Furuseth <h.b.furuseth@xxxxxxxxxxx> wrote:
> Are there useful and efficient password auth methods where the server
> admin, possessing a user's server-side secret and a log of his auth
> sessions, will not learn how to authenticate as the user?

Sure, that's what identification protocols are all about. Usually,
things like zero knowledge make an appearance.

> In particular, are there methods that do not use a lot of server CPU
> time compared to a hash-based challenge/response method like DIGEST-MD5?

I think most zero-knowledge stuff is based on number-theoretic
constructions, and tends to require significant computational resources.

You can never prevent the server from doing an exhaustive search for the
user's secret (the server must have a yes-no oracle for this secret in
order to do identification). If you just want to prevent him from easily
impersonating the user towards other servers, you can compute the server's
secret as hash(server name || user's secret). With reasonable hash
functions, this won't give the server the value of hash(2nd server name
|| user's secret). Then you use any one of a number of identification
protocols based on shared secrets.

--
Kristian Gjøsteen
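
The per-server derivation described in the reply above, as an added example that is not part of the original post. SHA-256, the length prefix on the server name, the HMAC challenge/response and the host names are assumptions chosen for illustration; the post only specifies hash(server name || user's secret) followed by some shared-secret identification protocol.

```python
import hashlib
import hmac
import secrets


def server_secret(server_name: str, user_secret: bytes) -> bytes:
    """hash(server name || user's secret), as in the post.

    Assumption: SHA-256, plus a 2-byte length prefix on the name so that
    ("ab", b"c...") and ("a", b"bc...") cannot produce the same hash input.
    """
    name = server_name.encode("utf-8")
    prefix = len(name).to_bytes(2, "big")
    return hashlib.sha256(prefix + name + user_secret).digest()


def respond(shared: bytes, challenge: bytes) -> bytes:
    """Client side: prove knowledge of the shared secret for one challenge."""
    return hmac.new(shared, challenge, hashlib.sha256).digest()


def verify(shared: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: constant-time comparison against the expected response."""
    return hmac.compare_digest(respond(shared, challenge), response)


def demo() -> dict:
    user_secret = b"correct horse battery staple"   # constructed sample value
    # Enrolment: each server stores only its own derived value.
    stored_a = server_secret("imap.example.org", user_secret)
    stored_b = server_secret("ldap.example.net", user_secret)

    # Normal login to server B: client re-derives B's secret from the password.
    challenge = secrets.token_bytes(16)
    honest = respond(server_secret("ldap.example.net", user_secret), challenge)

    # Admin of server A answers B's challenge with the only value A holds.
    cross = respond(stored_a, challenge)

    return {
        "honest_login_ok": verify(stored_b, challenge, honest),
        "cross_server_ok": verify(stored_b, challenge, cross),
        "stored_values_differ": stored_a != stored_b,
    }


if __name__ == "__main__":
    print(demo())
```

The value each server stores is still sufficient to authenticate to that same server and to test password guesses offline, which is the exhaustive-search limit the reply points out; the derivation only keeps it from being reused at a second server.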