Questions tagged [authentication]

Authentication is successfully validating that an entity you are communicating with is actually who they claim to be. The entity typically demonstrates who they are by showing they possess a secret that only they could know.

The entity is not necessarily proving their identity; they could be proving that they are a member of a larger group of identities or that they possess a certain attribute.

Authentication techniques are usually classified as belonging to one of three categories (called factors): something the entity knows (a password or key), something the entity has (a token or smartcard), or something the entity is (biometrics).

738 questions
251 votes, 2 answers

What are the differences between a digital signature, a MAC and a hash?

A message may be accompanied with a digital signature, a MAC or a message hash, as a proof of some kind. Which assurances does each primitive provide to the recipient? What kind of keys are needed?
Flimm
  • 2,818
  • 4
  • 16
  • 17
147 votes, 1 answer

Why does my SSH private key still work after changing some bytes in the file?

I (for a test) just randomly altered a private RSA key by opening it up in Vim and changing a few bytes. It is the private part of an SSH key pair used for logging in on a remote system. Puzzlingly, it still allows me to log in. I did some research…
PhilPotter1987
  • 1,093
  • 2
  • 8
  • 6
60 votes, 3 answers

RSA encryption with private key and decryption with a public key

When using the RSA cryptosystem, does it still work if you instead encrypt with the private key and decrypt with the public key? What about in the case of using RSA for sender authentication?
Humam Shbib
  • 755
  • 1
  • 6
  • 4
53 votes, 2 answers

Signatures: RSA compared to ECDSA

I'm signing very small messages using RSA, and the signature and public key are added to every message, which requires a lot of space compared to the actual content. I'm considering switching to ECDSA, would this require less space with the same…
Maestro
  • 1,069
  • 1
  • 10
  • 17
39 votes, 7 answers

Why aren't zero-knowledge proofs used in practice for authentication?

I read on Wikipedia that zero-knowledge proofs are not used for authentication in practice. Instead (I think) the server is entrusted with seeing a password in plaintext form, which it should then add a salt to and hash. But for a split moment, the…
wlad
  • 1,259
  • 1
  • 13
  • 24
29 votes, 6 answers

Why not authenticate full-disk encryption?

Common FDE software (TrueCrypt, BitLocker, dm-crypt) doesn't authenticate ciphertext stored on the disk. The commonly cited reason is "it would take too much space", reasoning that you would need an authentication tag for every sector and that would…
matejcik
  • 393
  • 3
  • 5
29 votes, 3 answers

How does a rolling code work?

I have general questions regarding rolling codes. Basically there is a sender and a receiver. Both have a sequence generator. The receiver checks if the received sequence matches the newly generated. An example used is KeeLoq. Assuming a car opener…
matcauthon
  • 393
  • 1
  • 3
  • 6
22 votes, 6 answers

advances in usability for cryptography/authentication

I'm wondering if there have been any recent advances (say, the past 5-10 years) in human usability for cryptography and/or authentication? By that I mean something that makes it easier for an average person to make use of the benefits of…
Jason S
  • 732
  • 5
  • 13
20 votes, 3 answers

Specification of the Megamos crypto algorithm

It has recently emerged that a paper that was scheduled to appear at Usenix Security 2013, titled "Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobiliser", has been censored according to a newspaper article in the "Guardian". A…
D.W.
  • 36,982
  • 13
  • 107
  • 196
18 votes, 2 answers

Storing Credentials for a Third Party

(Originally posted to SOF, but I got no answers) I am designing a small application for use inside my company. My application needs to connect to a third party website on behalf of my application user. I would like to safely store the user's…
Ralph
  • 375
  • 1
  • 3
  • 8
16 votes, 2 answers

Can a salt for a password hash be public?

From my understanding, salts in password hashes are used to prevent the precomputation of plaintext→hash values (rainbow tables). I know from different threads that it is unnecessary to keep the salt secret (i.e., it doesn't need to be encrypted),…
Chris
  • 335
  • 3
  • 7
14 votes, 2 answers

Why are finite groups used in cryptography?

Most of the cryptographic schemes I know are all based on group theory, e.g. they use finite groups. Can someone explain why that is the case? And why not base the schemes on elements and operations say from natural numbers or some other infinite…
dave
  • 149
  • 1
  • 3
14 votes, 2 answers

Where is the authentication tag stored in file encrypted using AES-GCM?

So I am using cryptopp to encrypt a file in a project and I am using AES-GCM. I have a 256bit key and a 128bit ivec and a 128bit tag that I use to encrypt files. However, I want to know where the authentication tag is stored? I notice if I specify a…
Mo Beigi
  • 255
  • 1
  • 4
  • 9
13 votes, 3 answers

Is there a way to make RC4 (ARCFOUR) secure, or is it completely broken?

I need a method to authenticate a process with another in order to establish interprocess communication between them, to prevent malicious processes from trying to hook onto the system. Currently I just send a password in plaintext between the two…
Kevin Jin
  • 241
  • 2
  • 6
13 votes, 2 answers

How should I store passwords that need to be available in plain text?

Suppose I need to store login information for a third-party website for a few users, how would I go about doing it? Since I am logging into a third party website, I need the password in plain-text, not hashed. And no, the website in question does…
user93