[clug] A Question About Password Handling and Authentication Mechanisms
James Ring
sjr at jdns.org
Mon Nov 24 22:52:18 MST 2014
I'm no expert but you may be describing Kerberos:
https://en.wikipedia.org/wiki/Kerberos_(protocol)
On Mon, Nov 24, 2014 at 9:36 PM, jm <jeffm at ghostgun.com> wrote:
> I've been meaning to look into/ask if there exists a challenge-response
> mechanism for passwords where the password doesn't have to be stored in
> plain text or in a recoverable form, i.e. it can be stored using a
> cryptographic hash. In fact, nowhere is the password stored or
> transmitted over a channel in a recoverable form. Does anyone know of
> such a beast?
>
> I imagine it would operate something like this:
>
> Say you have a password in plain text, password. It is then stored on
> the server hashed, Hserver(password). Upon connection from a client a
> challenge is sent to the client and using the plain text password
> entered by the user the client carries out a one way calculation, call
> this hash Hclient(password, challenge) which is then sent to the server
> for verification. To do this the server performs another calculation
> on the hashed password, Verifier(stored_password, challenge), and
> compares it to the client supplied hash. In other words,
>
> 1) Server stores password
>      stored_password = Hserver(password)
>
> 2) Client connects.
>
> 3) Server sends challenge to client, challenge.
>
> 4) Client calculates response to challenge with a one-way function
>      response = Hclient(password, challenge)
>
> 5) Client sends response to server
>
> 6) Server calculates verifier code
>      verifier = Verifier(stored_password, challenge)
>
> 7) Server compares results and allows access if there is a match
>      if response == verifier:
>          allow access
>      else:
>          disconnect
>
>
> Jeff.
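A simplified sketch of how SCRAM (RFC 5802) arranges the seven steps asked about above; it is an added example, not part of the original thread. The function names, iteration count and sample password are assumptions, and real SCRAM signs more fields than the bare challenge (both nonces and the salt).

```python
import hashlib
import hmac
import os

ITERATIONS = 4096  # constructed value for this example


def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def client_key(password, salt, iterations):
    # Slow salted hash, then a key that only the password holder can derive.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return mac(salted, b"Client Key")


def enroll(password):
    # Step 1: the server keeps salt, iteration count and H(ClientKey) only.
    salt = os.urandom(16)
    stored_key = hashlib.sha256(client_key(password, salt, ITERATIONS)).digest()
    return {"salt": salt, "iterations": ITERATIONS, "stored_key": stored_key}


def new_challenge():
    # Step 3: fresh random challenge for every connection.
    return os.urandom(16)


def client_response(password, salt, iterations, challenge):
    # Steps 4-5: the response is ClientKey masked by a challenge-bound signature.
    ck = client_key(password, salt, iterations)
    signature = mac(hashlib.sha256(ck).digest(), challenge)
    return xor(ck, signature)


def server_verify(record, challenge, response):
    # Steps 6-7: unmask the response and check that it hashes to the stored key.
    signature = mac(record["stored_key"], challenge)
    recovered = xor(response, signature)
    return hmac.compare_digest(hashlib.sha256(recovered).digest(), record["stored_key"])


if __name__ == "__main__":
    rec = enroll("correct horse")  # constructed sample password
    ch = new_challenge()
    resp = client_response("correct horse", rec["salt"], rec["iterations"], ch)
    print("login ok:", server_verify(rec, ch, resp))
    print("replay on new challenge:", server_verify(rec, new_challenge(), resp))
```

A captured exchange still allows offline password guessing, so the salted, iterated hash and a protected channel remain necessary.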