===Authenticator secrets===

Every authenticator is associated with at least one secret that the claimant uses to demonstrate possession and control of the authenticator. Since an attacker could use this secret to impersonate the user, an authenticator secret must be protected from theft or loss.

The type of secret is an important characteristic of the authenticator. There are three basic types of authenticator secret: a memorized secret and two types of cryptographic keys, either a symmetric key or a private key.

====Memorized secret====

A memorized secret is intended to be memorized by the user. A well-known example of a memorized secret is the common [[password]], also called a passcode, a [[passphrase]], or a [[personal identification number]] (PIN).

An authenticator secret known to both the claimant and the verifier is called a [[shared secret]]. A memorized secret may or may not be shared; a symmetric key is shared by definition; a private key is never shared. An important type of secret that is both memorized and shared is the password. In the special case of a password, the authenticator '''is''' the secret.

====Cryptographic key====

A cryptographic authenticator is one that uses a [[Key (cryptography)|cryptographic key]]. Depending on the key material, a cryptographic authenticator may use [[Cryptography#Symmetric-key cryptography|symmetric-key cryptography]] or [[Cryptography#Public-key cryptography|public-key cryptography]]. Both avoid memorized secrets, and in the case of public-key cryptography there are no [[shared secret]]s either, which is an important distinction.

Examples of cryptographic authenticators include [[Initiative for Open Authentication|OATH]] authenticators and [[FIDO Alliance|FIDO]] authenticators. The name OATH is an acronym from the words "Open AuTHentication" while FIDO stands for Fast IDentity Online. Both are the result of an industry-wide collaboration to develop an open reference architecture using open standards to promote the adoption of strong authentication.

By way of counterexample, a password authenticator is '''not''' a cryptographic authenticator. See the [[#Examples]] section for details.

=====Symmetric key=====

A symmetric key is a shared secret used to perform symmetric-key cryptography. The claimant stores their copy of the shared key in a dedicated hardware-based authenticator or in a software-based authenticator implemented on a smartphone. The verifier holds an identical copy of the symmetric key.

=====Public-private key pair=====

A public-private key pair is used to perform public-key cryptography. The public key is known to (and trusted by) the verifier, while the corresponding private key is bound securely to the authenticator. In the case of a dedicated hardware-based authenticator, the private key never leaves the confines of the authenticator.
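The two cryptographic authenticator types just described, shown as a challenge-response exchange between claimant and verifier. This is an added illustration written for this article, not code from the article or from the OATH or FIDO specifications; the type and function names, the HMAC-SHA256 and Ed25519 choices, and the all-zero demo seed are assumptions. The symmetric verifier must store the same key bytes as the authenticator (a shared secret), whereas the public-key verifier stores only the public key and can check a response without ever holding the private key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Symmetric-key authenticator (OATH style): both sides hold the same key, a shared secret.
type SymmetricAuthenticator struct{ key []byte }
type SymmetricVerifier struct{ key []byte }

// NewSymmetricPair provisions the same key into the authenticator and the verifier.
func NewSymmetricPair(key []byte) (SymmetricAuthenticator, SymmetricVerifier) {
	return SymmetricAuthenticator{key}, SymmetricVerifier{key}
}

// Respond proves possession of the key with an HMAC over the verifier's challenge.
func (a SymmetricAuthenticator) Respond(challenge []byte) []byte {
	m := hmac.New(sha256.New, a.key)
	m.Write(challenge)
	return m.Sum(nil)
}

// Verify recomputes the HMAC with the verifier's own copy and compares in constant time.
func (v SymmetricVerifier) Verify(challenge, response []byte) bool {
	return hmac.Equal(SymmetricAuthenticator{v.key}.Respond(challenge), response)
}

// Public-key authenticator (FIDO style): the private key never leaves the authenticator
// and the verifier holds only the public key, so nothing secret is shared.
type PublicKeyAuthenticator struct{ priv ed25519.PrivateKey }
type PublicKeyVerifier struct{ pub ed25519.PublicKey }

// NewPublicKeyPair derives the pair from a 32-byte seed; only the public half is registered.
func NewPublicKeyPair(seed []byte) (PublicKeyAuthenticator, PublicKeyVerifier) {
	priv := ed25519.NewKeyFromSeed(seed)
	return PublicKeyAuthenticator{priv}, PublicKeyVerifier{priv.Public().(ed25519.PublicKey)}
}

// Respond signs the challenge; Verify checks the signature with the public key alone.
func (a PublicKeyAuthenticator) Respond(challenge []byte) []byte { return ed25519.Sign(a.priv, challenge) }
func (v PublicKeyVerifier) Verify(challenge, sig []byte) bool { return ed25519.Verify(v.pub, challenge, sig) }
// NewChallenge draws a fresh random nonce so a captured response cannot be replayed.
func NewChallenge() []byte { c := make([]byte, 32); rand.Read(c); return c }
func main() { // demo with an all-zero seed, constructed for illustration only
	auth, ver := NewPublicKeyPair(make([]byte, ed25519.SeedSize))
	fmt.Println("public-key authenticator accepted:", ver.Verify([]byte("nonce"), auth.Respond([]byte("nonce"))))
}
```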