Cryptography Reference
In-Depth Information
within the first week [6]. It is assumed that these numbers have not changed
much since their publication. To make things worse, there are many tools
available on the Internet that can be used to automate password guessing (e.g.,
L0phtCrack or @stake LC 5). 1
2. The transmission of passwords (which may be well chosen or not) is exposed
to passive eavesdropping and subsequent replay attacks. This is because
the passwords are often transmitted in the clear. Also, if passwords are not
transmitted in the clear but “encrypted” using a well-known one-way function,
it is still possible to launch a password-guessing attack by simply “encrypting”
password candidates with the one-way function and checking whether the
result matches the string that has been transmitted in the first place. So if
passwords are encrypted for transmission, then it must be ensured that a
password is encrypted differently each time it is encrypted and transmitted.
This is, for example, usually the case if a cryptographic security protocol,
such as the SSL/TLS protocol, is used.
Obviously, these security problems do not only apply to passwords and are
equally true for any other static information that may be employed in a proof by
knowledge (e.g., PINs or passphrases). Consequently, the use of static information
in a proof by knowledge is not recommended for contemporary computer networks
and distributed systems. In fact, the information is too easy to intercept and reuse.
While this vulnerability has been known for a very long time, it was not until 1994
that it was demonstrated on a large scale with the discovery of planted
password-collecting routines at some critical points on the Internet. 2 To improve the level of
security of a proof by knowledge, one must use information that is dynamically
changing over time.
17.2.2.2 Dynamically Changing Information
The basic idea of using dynamically changing information in a proof by knowledge
is that each authentication process requires a unique piece of (authentication)
information and that this piece of information cannot be (mis)used at some later point in
time. Consequently, if an attacker is able to eavesdrop on an authentication protocol
execution and grab the relevant authentication information, he or she will not be able
to (mis)use this information in a replay attack (i.e., the information will not be valid
a second time).
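The contrast between static and dynamically changing information can be made concrete with a small verifier. The following is an added example, not taken from the book: it assumes an HMAC-SHA-256 challenge-response with a pre-shared key, and all names (static_token, respond, ChallengeVerifier, demo) and sample values are hypothetical.

```python
import hashlib
import hmac
import secrets


def static_token(password: str) -> bytes:
    """Static scheme: the same value goes over the wire at every login."""
    return hashlib.sha256(password.encode()).digest()


def respond(key: bytes, challenge: bytes) -> bytes:
    """Claimant: prove knowledge of the key for this one challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class ChallengeVerifier:
    """Dynamic scheme: every login is bound to a fresh, single-use challenge."""

    def __init__(self, key: bytes):
        self._key = key
        self._open = set()  # challenges issued but not yet answered

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self._open.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._open:
            return False  # unknown or already consumed: treat as replay
        self._open.discard(challenge)  # single use, even if the check fails
        return hmac.compare_digest(response, respond(self._key, challenge))


def demo() -> dict:
    password = "constructed-sample-password"  # constructed sample value
    sniffed_static = static_token(password)  # what a passive listener records
    key = secrets.token_bytes(32)  # constructed shared secret
    verifier = ChallengeVerifier(key)
    c1 = verifier.new_challenge()
    sniffed = (c1, respond(key, c1))  # recorded challenge/response pair
    first = verifier.verify(*sniffed)
    c2 = verifier.new_challenge()
    return {
        "static_replay_accepted": sniffed_static == static_token(password),
        "first_login": first,
        "same_exchange_replayed": verifier.verify(*sniffed),
        "old_response_new_challenge": verifier.verify(c2, sniffed[1]),
    }
```

This shows replay resistance only. If the key were derived from a poorly chosen password, a recorded challenge and response would still allow the guessing check described in item 2 above.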
The use of dynamically changing information is not new. In fact, we have
been using transaction authentication numbers (TANs) for quite a long time. In
1 http://www.atstake.com/products/lc
2 CERT Advisory CA-94:01, “Ongoing Network Monitoring Attacks,” 1994.