There is a similar — much more frequent — situation where the user has no
computer at hand either. It relates to home banking by phone. In this case,
Alice as the bank's customer has to authenticate herself via password, but
Mallory mustn't be able to use the same password and pretend to be Alice
later on. This wording already contains the solution: the customer is given
many passwords and uses each one only once.
One-way hash functions enable a particularly simple and secure implementation
of this principle. The protocol was proposed by Leslie Lamport [Lamport] in
1981 and looks like this.
1. The computer creates a random key, S_0.
2. It uses a one-way hash function, H, to encrypt this number over and again, thus obtaining, for example, 100 numbers, S_i:
S_1 = H(S_0)
S_2 = H(S_1)
...
S_100 = H(S_99)
3. It sends numbers S_0, ..., S_99 to the customer/user and then deletes them. The computer itself stores only S_100.
4. A customer who wants to identify himself to the computer sends S_99. The computer checks whether H(S_99) = S_100. If so, the customer is deemed to have been authenticated; otherwise, the customer will be rejected.
5. Next, the computer replaces S_100 by the value S_99 obtained, and the customer deletes S_99 from his list.
6. All further authentications work analogously: the customer sends a password not yet deleted with the largest index. The computer computes the hash value for the customer password and compares it with the value stored. If the value is accepted, the computer replaces the password value stored.
7. When all 100 passwords have been used up, the computer creates a new list and sends it to the customer.
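The chain of steps 1 to 6, as an added Python example that is not part of the book: SHA-256 is assumed as the one-way function H, the "random key" S_0 is assumed to be 32 random bytes, and the session at the end (n logins followed by a replay of the last password) is constructed to show that a password already consumed is rejected.

```python
import hashlib
import hmac
import secrets


def H(x: bytes) -> bytes:
    """The one-way hash function H; SHA-256 stands in for the book's unnamed H."""
    return hashlib.sha256(x).digest()


def make_chain(n: int = 100, seed: bytes = b"") -> list:
    """Steps 1-2: S_0 random (or the given seed), S_{i+1} = H(S_i); returns [S_0, ..., S_n]."""
    chain = [seed if seed else secrets.token_bytes(32)]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain


class Server:
    """Step 3: the computer keeps only S_n and forgets the rest of the list."""

    def __init__(self, top: bytes) -> None:
        self.stored = top

    def authenticate(self, password: bytes) -> bool:
        """Steps 4-5: accept iff H(password) == stored value, then store the password."""
        if hmac.compare_digest(H(password), self.stored):  # constant-time compare
            self.stored = password
            return True
        return False


class Customer:
    """Holds S_0..S_{n-1}; step 6: always sends the largest index not yet used."""

    def __init__(self, passwords: list) -> None:
        self.unused = list(passwords)

    def next_password(self) -> bytes:
        return self.unused.pop()  # deletes it from the list as it is sent


def run_demo(n: int = 5) -> dict:
    """Constructed session: n successful logins, then a replay of the last password."""
    chain = make_chain(n)
    server, customer = Server(chain[n]), Customer(chain[:n])
    logins = [server.authenticate(customer.next_password()) for _ in range(n)]
    replay_rejected = not server.authenticate(chain[0])  # S_0 was the last one sent
    return {"logins": logins, "replay_rejected": replay_rejected,
            "remaining": len(customer.unused)}
```

A replayed S_i fails because the server now stores S_i itself, and H(S_i) = S_{i+1} is not equal to S_i; skipping ahead to a lower index fails for the same reason.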
This method can be highly appreciated from the cryptological viewpoint. Similarly to UNIX, no password is stored in plaintext on the computer. Each password is used only once, so that no attacker can get unauthorized access to