Questions tagged [authentication]

Authentication is successfully validating that an entity you are communicating with is actually who they claim to be. The entity typically demonstrates who they are by showing they possess a secret that only they could know.

The entity is not necessarily proving their identity; they could be proving they are a member of a larger group of identities or possess a certain attribute.

Authentication techniques are usually classified as belonging to one of three categories (called factors): something the entity knows (password or key), something the entity has (a token or smartcard), or something the entity is (biometrics).

720 questions
22
votes
6 answers

advances in usability for cryptography/authentication

I'm wondering if there have been any recent advances (say, the past 5-10 years) in human usability for cryptography and/or authentication? By that I mean something that makes it easier for an average person to make use of the benefits of…
Jason S
8
votes
2 answers

zero knowledge proof application

Suppose I have a secret 'X', which can be used as a seed to a deterministic random number generator to generate a number 'Y'. Is there any way to prove to others, that I have the secret 'X' which generated this number 'Y' without revealing the secret…
prosaad
6
votes
3 answers

Convert old and busted password encryption to something sensible

Given a TOTALLY HYPOTHETICAL scenario in which passwords for over a million accounts in over 200 databases have been stored using 3DES, a key derived from a (single) MD5 hash of a customer-controlled (rarely changed from the default) pass-phrase, a…
Pete Scott
6
votes
1 answer

Did authentication/signature primitives fall under the Wassenaar Arrangement?

I understand that under the Wassenaar Arrangement, encryption algorithms like AES were considered to be some sort of weapon. The legally allowed effective key sizes in export software were limited to something a resourceful attacker could break,…
DiscobarMolokai
5
votes
1 answer

Authentication protocols for authenticating devices to a server

The requirement is to authenticate 1000s of devices to a server when the devices try to contact the server. The problem I face is that all authentication protocols require some kind of shared secret between the devices and the server. And for…
kelvi
4
votes
1 answer

How does Gilbert, MacWilliams, and Sloane's solution to “perfect integrity” work?

Gilbert, MacWilliams, and Sloane defined a solution to "perfect integrity" in Codes Which Detect Deception, unconditionally secure message authentication, not vulnerable to any cryptanalysis on its own even by an adversary with unbounded…
user73542
4
votes
2 answers

Password vs public key for authentication?

What's the difference between a password and a key in terms of authentication? I think that they are potentially the same. But, in practice, a password involves some bias since it is created by a human. On the other hand, some key is produced by computer, which results…
mallea
4
votes
2 answers

One-Time MAC's data block length and q

When 128-bit long data blocks are unavailable for one-time MAC: Could 64 bits be used instead? Should $q$ then be >=64 bits? E.g. $2^{64}+5$ Can this be scaled even further downwards to 32, 16, … bits? (block size and $q$) The few theory sources…
Dadada
4
votes
1 answer

Single roundtrip authentication

I have a server and a client that need to authenticate to that server. The idea is that we have user/pass and the authentication generates a token that can later be used. An important factor here is that I want to reduce the number of network round…
3
votes
1 answer

Can an encrypted nonce be used for authentication?

Would a scheme like the following work to allow authentication of a sender: A nonce is appended to data, and the result is encrypted. The encrypted pack is sent to the other party. The sender then contacts the receiver through an authenticated…
andyg0808
3
votes
1 answer

Can substrings of a long string be efficiently authenticated?

Suppose one has a (strong) shared secret key and wishes to authenticate a very long string in a way that will allow the verifier to verify small substrings without reading much of the stored data and without much storage overhead. The trivial way…
user991
3
votes
0 answers

Password Derived Signature Authentication

I'd like to avoid sending user passwords over the wire. Would the following challenge response protocol be secure (served over TLS)? I know this is similar to SRP. Sign-up Client takes password and randomly generated salt and inputs them into…
B. Alvarez
3
votes
1 answer

Does WEP protect message authenticity?

The WEP secure channel works by sending $$IV||(m||CRC(m) \oplus RC_4(K,IV)$$ where IV is an asynchronous initial vector, K is an encryption key and CRC is a cyclic redundancy check function. I know there are lots of attacks on this scheme. I also…
user1868607
3
votes
1 answer

Is there an existing authoritative definition of the cryptographic term 'pepper'

I can attempt to define the term 'pepper' as: In cryptography, a pepper is something that is added to another value (for example a password) prior to the value being hashed using a cryptographic hash function. A pepper can be added to a…
3
votes
2 answers

Why doesn't this dummy mutual authentication protocol provide mutual authentication?

I am a student taking a cryptography course so forgive me if this comes off as a silly question. This is an assignment question: $Alice \rightarrow R \rightarrow Bob$ $Alice \leftarrow [R]B \leftarrow Bob$ $Alice \rightarrow [R+1]A \rightarrow…
Ajit