Response | Technology cont’d

• Cryptography cont’d

  • Authentication via challenge handshake
    • Prove possession of a secret as proof of identity without disclosing the secret
    • [1] User’s non-secret credentials (username) and corresponding secret (password) stored on server
    • [2] User provides their username to server
    • [3] Server generates the challenge... a random string and sends to user
    • [4] User combines the challenge with their password, hashes it, and responds with the result
    • [5] Server reverses the process using its copy of the user’s secret password... if the message matches the random string, the user is authenticated
    • Note: The secret password itself is never disclosed