Questions tagged [authentication]

18 questions

14 votes, 9 answers

Do passwords need a max length?

I understand that password storage generally uses hashing for security due to it being irreversible and that the stored hash is just compared to the hash of the password inputted by a user attempting to log in. As hashes are fixed length, does that…
Ethan

13 votes, 1 answer

Break an authentication protocol based on a pre-shared symmetric key

Consider the following protocol, meant to authenticate $A$ (Alice) to $B$ (Bob) and vice versa. $$ \begin{align*} A \to B: &\quad \text{“I'm Alice”}, R_A \\ B \to A: &\quad E(R_A, K) \\ A \to B: &\quad E(\langle R_A+1, P_A\rangle, K)…
Gilles 'SO- stop being evil'

9 votes, 1 answer

Is WPA2 with pre-shared key an example of a zero-knowledge proof?

When setting up an access point and selecting WPA2, one must manually enter a pre-shared key (a password), PSK, into both the AP and the STA. Both parties, AP and STA, must authenticate each other. But they have to do so without revealing the PSK.…
Maiken Holm

7 votes, 2 answers

Zero-knowledge proof: Abstract example

So I was reading about ZKP on Wikipedia, the abstract example in summary goes like this: Peggy wants to prove to Victor that she knows the secret to a door inside a cave that connects A and B together (see diagram) without revealing the secret word…
Brandon

4 votes, 1 answer

How would P2P Kriegspiel be designed?

Kriegspiel chess is a variant of chess in which each player is not aware of where the opponent's pieces are. In a human match, a trusted intermediary relays piece losses, legality of moves etc. This is, of course, possible on a computer as well. What…
Rusty

4 votes, 1 answer

Break an authentication protocol based on a pre-shared symmetric key, with message numbers

Consider the following protocol, meant to authenticate $A$ (Alice) to $B$ (Bob) and vice versa. $$ \begin{align*} A \to B: &\quad \text{“I'm Alice”}, R_A \\ B \to A: &\quad E(\langle 1, R_A\rangle, K) \\ A \to B: &\quad E(\langle 2, R_A+1,…
Gilles 'SO- stop being evil'

2 votes, 2 answers

Password authentication over an insecure connection

I was thinking of a way to send a password to a server securely without using a secure connection. I found one solution. I want to find the flaw in this. (Note: I am a beginner, don't judge me, I know little about cryptography and little about networks.) So server…

2 votes, 1 answer

User recognition through keystroke pattern

Hello, thank you for taking the time to look at this question. Is it possible to determine the keystroke patterns for a certain user? My idea is that, when the user enters their username & password, it must contain a specific keystroke pattern that when…

2 votes, 1 answer

Can Eve impersonate Alice or Bob by using a replay attack?

For my computer science study, I have to design a replay attack (if possible) for the following authentication protocols. I use the standard security protocol notation. In these protocols, $A$ is Alice, $B$ is Bob and $E(A)$ is for example Eve…
Peter

2 votes, 2 answers

What reason could a system have to limit the length of a password to 8 chars?

From time to time I see systems that don't allow passwords longer than 8 chars: isn't that a security risk? What am I missing, here, that might have led to such a decision?
Pierpaolo

1 vote, 0 answers

Why does message authentication using a 2-universal family of hash functions require a prime number of possible hash values?

I am self-studying the book Intro to Algorithms 3ed by CLRS. One of the problems seems to give a piece of information that is not necessary. Problem 11-4 in the book states: Let H be a class of hash functions in which each hash function h ∈ H maps the…

1 vote, 0 answers

Can a voice biometrics (specifically voice recognition) application be used at the Windows logon screen?

I'm planning to develop an application in C# programming language for user authentication. Target platform = Newer Windows versions such as Windows 8/10. Your kind answers will be much appreciated. Cheers!
De J Ali

1 vote, 0 answers

Non-Interactive Zero Knowledge Proofs: zk-snarks and zk-stark

I read up on an abstract example of ZKPs (the cave and the door), but I'm trying to understand NIZKs (specifically zk-snarks and zk-stark). All the examples I can find online seem to have some interactive component even when trying to explain nizks.…

1 vote, 2 answers

Do ‘unspoofable’ email protocols exist?

Been getting a lot more spam lately and this question came to mind. We already use SSL certificates to authenticate websites, can we do something similar for email? If so, why do I still receive spoofed emails?

0 votes, 2 answers

How does storing encrypted password provide secure authentication?

It's universally accepted that storing an unencrypted password for automated authentication is a very bad idea, for the saved password can be used by malware, etc. There are a number of systems that store encrypted passwords for the purpose of…
Michael