Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [challenge-response]

Challenge-response authentication is a family of protocols in which one party presents a question ("challenge") and another party must provide a valid answer ("response") to be authenticated.

Challenge-response authentication is a family of protocols in which one party presents a question ("challenge") and another party must provide a valid answer ("response") to be authenticated. Many cryptographic solutions involve two-way authentication, where both the user and the system must each convince the other that they know the shared secret (the password), without this secret ever being transmitted in the clear over the communication channel, where eavesdroppers might be lurking.

51 questions
9
votes
1 answer

What is the use of SCRAM-SHA-256 (over SCRAM-SHA-1)?

The Salted Challenge Response Authentication Mechanism (SCRAM) specified in RFC 5802 can use arbitrary hash functions to operate. The base version from RFC 5802 uses SHA-1. From my understanding, SCRAM solely relies on the one-way-ness of the…
Jonas Schäfer
  • 191
  • 1
  • 5
6
votes
1 answer

Commutative Hash Function for Password Challenge?

I had an idea. Could anyone tell me if this is a thing, if they see any problems with it, and if they know of a commutative hash function that would make it work? Suppose you had a pair of cryptographic hash functions, one of which could take an a…
Edward Peters
  • 161
  • 5
6
votes
2 answers

What challenge should I use in a challenge-response proof-of-work?

In order to guard against denial-of-service attacks, I want to require clients to do some work (more work than the server does fulfilling the request) before talking to them. Client connects Server sends a challenge, including a piece of data "Find…
Stefano Palazzo
  • 598
  • 5
  • 18
5
votes
2 answers

Is there a difference between asking for a signature and asking for a decryption in challenge-response authentication?

Consider the following two authentication schemes. In both cases the server knows a public key of the client (for a signature system in the first and an encryption system in the second case). Scheme A Server presents a randomly generated plaintext…
merlin2011
  • 183
  • 1
  • 8
4
votes
3 answers

Difference between Zero Knowledge Proof and Challenge Response Protocol

What exactly is the difference between Zero Knowledge Proof & Challenge Response Authentication? I searched online and the best I could find are these: techtarget.com Zero-knowledge password proof systems depend on cryptographic methods that…
schegu
  • 45
  • 7
4
votes
1 answer

Client Puzzles and HMAC

I'm learning about client puzzles for DoS (Denial of Services) Protection, and I came across this question. For each request, the server sends the client a freshly generated random challenge r and and a difficulty parameter n, and the client has to…
focus04
  • 43
  • 1
  • 3
4
votes
1 answer

Proof that two parties can communicate

Suppose we have three parties, Alice, Bob, and Carol. Alice can receive messages from Bob and Carol individually, but can only send messages to both simultaneously. Additionally, Alice cannot tell if Bob and Carol can send/receive messages to/from…
stonegrizzly
  • 41
  • 1
4
votes
2 answers

Spoofing protocol nonce

Amy and Betty have a shared key $k$, and the protocol below is to provide a mutual authentication for both Betty and Amy. A sends B : $n_a$ B sends A : $n_b \;\|\; E(k, n_a)$ A sends B : $E(k, n_b)$ Where $n_a$ is a nonce from Amy $n_b$ is a…
user16475
  • 43
  • 2
4
votes
1 answer

Why does the challenge need to be prime in Wesolowski's succinct argument of $y=x^{e}$?

In Wesolowski's VDF (verifiable delay function) a prover produces a pair $(x, y)$ and needs to argue to the verifier that the pair satisfies $y = x^e \pmod N$ for some $e$ computable to both. The verifier is compute limited and $e$ is really large,…
MERTON
  • 225
  • 1
  • 6
3
votes
2 answers

Help me describe/identify this challenge-response protocol/algorithm?

My area of expertise is reverse engineering, specifically embedded systems. I do attack cryptographic systems, but this largely involves key recovery or exploiting the implementation. I was asked to reverse engineer a simple Windows executable used…
Cybergibbons
  • 293
  • 1
  • 7
3
votes
2 answers

Zero-Knowledge Challenge-Responce Protocol

Good day to everyone. I am trying to implement an e voting system (just for reference -it is not important though-it is described at the Internet Voting Protocol Based on Improved Implicit Security by Abhishek Parakh & Subhash Kak Version of record…
user5169
3
votes
0 answers

StoredKey in Salted Challenge Response Mechanism (SCRAM)

In SCRAM (RFC5802, page 8) the client generates ClientKey to server, which is a derivation of the original password. This is communicated to the server in a secure fashion, which then performs a single hash operation H(ClientKey) and check if that's…
KennethJ
  • 131
  • 1
3
votes
1 answer

Is there a scheme that allows to use RSA based challenge response protocol limited to signing only 8 bytes to create a secure signature of any data?

I have a tiny device that has a challenge-response authentication mechanism where the device signs 8 bytes of any data with it's internal 2048 bit RSA key. I would like to be able to certify any data using this mechanism by using a number of…
Glushiator
  • 195
  • 1
  • 9
2
votes
1 answer

How is MitM attack prevented when complete session is hijacked?

Lets say there is mutual authentication between a client which connects to a server on an otherwise unsecured TCP channel. Both parties create a random challenge and the other side answers with a keyd-hash, based on a pre-shared symmetric…
MichaelW
  • 1,517
  • 1
  • 14
  • 26
2
votes
2 answers

Is it insecure to make nonce using random number generator and hashing algorythm with secret key like HMAC?

I'm building a project on Arduino Mega microcontroller and I need some nonce generator for challenge-response exchange. But I failed to find some alphanumerical string generators. Then I came up with an idea to make one using the random() function…
krystof18
  • 143
  • 5
1
2 3 4