[clug] A Question About Password Handling and Authentication Mechanisms

Bob Edwards Robert.Edwards at anu.edu.au
Mon Nov 24 23:08:31 MST 2014


On 25/11/14 16:52, James Ring wrote:
> I'm no expert but you may be describing Kerberos:
> https://en.wikipedia.org/wiki/Kerberos_(protocol)
>

I'd also recommend reading:
http://web.mit.edu/kerberos/www/dialogue.html

Bob Edwards

> On Mon, Nov 24, 2014 at 9:36 PM, jm <jeffm at ghostgun.com> wrote:
>
>> I've been meaning to look into/ask if there exists a challenge-response
>> mechanism for passwords where the password doesn't have to be stored in
>> plain text or in a recoverable form, i.e. it can be stored using a
>> cryptographic hash. In fact, nowhere is the password stored or
>> transmitted over a channel in a recoverable form. Does anyone know of
>> such a beast?
>>
>> I imagine it would operate something like this:
>>
>> Say you have a password in plain text, password. It is then stored on
>> the server hashed, Hserver(password). Upon connection from a client a
>> challenge is sent to the client and using the plain text password
>> entered by the user the client carries out a one way calculation, call
>> this hash Hclient(password, challenge) which is then sent to the server
>> for verification. To do this the server performs another calculation
>> on the hashed password, Verifier(stored_password, challenge), and
>> compares it to the client supplied hash. In other words,
>>
>> 1) Server stores password
>>     stored_password = Hserver(password)
>>
>> 2) Client connects.
>>
>> 3) Server sends challenge to client, challenge.
>>
>> 4) Client calculates response to challenge with a one-way function
>>     response = Hclient(password, challenge)
>>
>> 5) Client sends response to server
>>
>> 6) Server calculates verifier code
>>     verifier = Verifier(stored_password, challenge)
>>
>> 7) Server compares results and allows access if there is a match
>>     if response == verifier:
>>         allow access
>>     else:
>>         disconnect
>>
>>
>> Jeff.
>>
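
Added example, not part of the original thread: one way to realise steps 1-7 above in Python, using a simplified form of the SCRAM construction (RFC 5802) with the bare challenge standing in for SCRAM's full AuthMessage. The function names, the iteration count and the 16-byte salt are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 4096  # constructed work factor for this example


def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def client_key(password: str, salt: bytes) -> bytes:
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return mac(salted, b"Client Key")


def enroll(password: str) -> dict:
    """Step 1: the server keeps only a salt and StoredKey = H(ClientKey)."""
    salt = os.urandom(16)
    stored_key = hashlib.sha256(client_key(password, salt)).digest()
    return {"salt": salt, "stored_key": stored_key}


def new_challenge() -> bytes:
    """Step 3: a fresh random challenge per connection, so replays fail."""
    return os.urandom(32)


def client_response(password: str, salt: bytes, challenge: bytes) -> bytes:
    """Steps 4-5: the salt travels with the challenge; only the proof is sent."""
    ck = client_key(password, salt)
    stored_key = hashlib.sha256(ck).digest()
    return xor(ck, mac(stored_key, challenge))


def server_verify(record: dict, challenge: bytes, response: bytes) -> bool:
    """Steps 6-7: unmask ClientKey from the proof and compare its hash."""
    if len(response) != hashlib.sha256().digest_size:
        return False
    ck = xor(response, mac(record["stored_key"], challenge))
    return hmac.compare_digest(hashlib.sha256(ck).digest(), record["stored_key"])
```

A copy of the server's record alone is not enough to log in, because producing a valid response needs ClientKey and the server holds only its hash. A captured exchange can still be used for offline password guessing, so the exchange belongs inside an encrypted channel.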
