Cryptography Reference
In-Depth Information
2. Encrypt the plaintext consisting of all zeros (64 zero bits) using the uniquely
modified DES
with the 56-bit key derived from the password.
3. Repeat the last encryption step 25 times (in other words, we encrypt the all-
zero string 25 times). This last step is designed to slow the operation down in
such a way that it is not inconvenient for a user, but much more difficult for an
attacker conducting a dictionary attack.
When a user enters their password, the system looks up the salt, generates
the modified DES+ encryption algorithm, forms the encryption key from the
password, and then conducts the multiple encryption to produce the password
image. The password image is then checked against the version stored in
/etc/passwd
. If they match then the password is accepted.
+
As just observed, two of the main problems with passwords are vulnerability
(they are quite easy to steal) and repeatability (once stolen they can be reused).
A
dynamic password scheme
, also often refered to as a
one-time password scheme
,
preserves the concept of a password but greatly improve its security by:
1. limiting the exposure of the password, thus reducing vulnerability;
2. using the password to generate dynamic data that changes on each authenti-
cation attempt, thus preventing repeatability.
Dynamic password schemes are important entity authenticationmechanisms and
are widely deployed in token-based technologies for accessing services such as
internet or telephone banking.
8.5.1
Idea behind dynamic password schemes
At its heart, a dynamic password scheme uses a 'password function' rather than
a password. If a claimant, which we will assume is a human user, wants to
authenticate to a device, such as an authentication server, then the user inputs
some data into the function to compute a value that is sent to the device. There
are thus two components that we need to specify:
The password function
. Since this function is a cryptographic algorithm, it is
usually implemented on a smart token. In the example that we will shortly
discuss, we will assume that this is a smart token with an input interface that
resembles a small calculator.
The input
. We want the user and the device to agree on an input to the password
function, the result of which will be used to authenticate the user. Since the
input must be fresh, any of the freshness mechanisms that we discussed in
