Challenge–response authentication
{{short description|Type of authentication protocol}}
{{one source|date=February 2019}}
In [[computer security]], '''challenge-response authentication''' is a family of protocols in which one party presents a question ("challenge") and another party must provide a valid answer ("response") to be [[authentication|authenticated]].<ref name="TilborgJajodia2014">{{cite book|author1=Henk C.A. van Tilborg|author2=Sushil Jajodia|title=Encyclopedia of Cryptography and Security|url=https://books.google.com/books?id=UGyUUK9LUhUC&q=%22Challenge%E2%80%93response+authentication%22|date=8 July 2014|publisher=Springer Science & Business Media|isbn=978-1-4419-5906-5}}</ref> The simplest example of a challenge-response protocol is [[password]] authentication, where the challenge is asking for the password and the valid response is the correct password. An [[Adversary (cryptography)|adversary]] who can [[Network eavesdropping|eavesdrop]] on a password authentication can authenticate themselves by reusing the intercepted password.

One solution is to issue multiple passwords, each of them marked with an identifier. The verifier can then present an identifier, and the prover must respond with the correct password for that identifier. Assuming that the passwords are chosen independently, an adversary who intercepts one challenge-response message pair has no clues to help with a different challenge at a different time.

For example, when other [[communications security]] methods are unavailable, the [[United States Armed Forces|U.S. military]] uses the [[AKAC-1553]] TRIAD numeral cipher to authenticate and encrypt some communications. TRIAD includes a list of three-letter challenge codes, which the verifier is supposed to choose randomly from, and random three-letter responses to them. For added security, each set of codes is only valid for a particular time period, which is ordinarily 24 hours.

Another basic challenge-response technique works as follows.
[[Alice and Bob|Bob]] is controlling access to some resource, and Alice is seeking entry. Bob issues the challenge "52w72y". Alice must respond with the one string of characters which "fits" the challenge Bob issued. The "fit" is determined by an algorithm defined in advance, and known by both Bob and Alice. The correct response might be as simple as "63x83z", with the algorithm changing each character of the challenge using a [[Caesar cipher]]. In reality, the algorithm would be much more complex. Bob issues a different challenge each time, and thus knowing a previous correct response (even if it is not obfuscated by the means of communication) does not allow an adversary to determine the current correct response.
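The Bob/Alice exchange above, modelled as an added example that is not part of the article: the "fit" algorithm is the one-position Caesar shift that turns "52w72y" into "63x83z", the verifier issues a fresh random challenge for every attempt, and a captured response is replayed against a new challenge to show that it does not help the eavesdropper. The `fit` function and `Verifier` class are this example's own names.

```python
import secrets
import string

# Challenge alphabet: digits and lowercase letters, as in "52w72y".
ALPHABET = string.digits + string.ascii_lowercase

def fit(challenge: str, shift: int = 1) -> str:
    """The pre-agreed 'fit': advance each digit within 0-9 and each letter within a-z.

    Constructed toy algorithm; the article notes a real one would be far more complex.
    """
    out = []
    for ch in challenge:
        if ch.isdigit():
            out.append(chr((ord(ch) - ord("0") + shift) % 10 + ord("0")))
        elif ch.islower():
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        else:
            raise ValueError(f"unsupported challenge character: {ch!r}")
    return "".join(out)

class Verifier:
    """Bob: controls the resource, issues one fresh challenge per attempt, checks the reply."""

    def __init__(self, length: int = 6):
        self.length = length
        self.pending = None

    def challenge(self) -> str:
        # A fresh, unpredictable challenge each time is what defeats replay.
        self.pending = "".join(secrets.choice(ALPHABET) for _ in range(self.length))
        return self.pending

    def verify(self, response: str) -> bool:
        ok = self.pending is not None and secrets.compare_digest(fit(self.pending), response)
        self.pending = None  # every challenge is single-use, whatever the outcome
        return ok

def replay_fails() -> bool:
    """Eavesdropper records one (challenge, response) pair, then replays the response."""
    bob = Verifier()
    first = bob.challenge()
    captured = fit(first)              # Alice answers legitimately; adversary records it
    assert bob.verify(captured)        # genuine session succeeds
    bob.challenge()                    # new session: Bob issues a different random challenge
    return not bob.verify(captured)    # the stale response is rejected
```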