Problems understanding the use of Distance Bounding against Man-In-The-Middle attacks

I currently have to write a paper for university in my Network Security lecture about methods of secure location verification. Therefore, I chose to write about several distance bounding protocols, e.g. the one by Brands and Chaum and the …

How challenge response password recovery mechanism works with disk encryption?

For the sole purpose of learning, I am trying to figure out how disk encryption software is able to recover the password of an encrypted disk using a challenge response mechanism.

The recovery process usually goes like that:

You forgot your…

Why does WebAuthn require a challenge when asking the client to register a new credential?

When registering a new credential as part of WebAuthn, why does the client need to be sent a challenge?

Presumably this is to prevent a replay attack, but wouldn’t a replay attack be prevented by TLS already?

Is there a password based challenge response authentication scheme with public key cryptography?

I was thinking about an authentication where

the user only has to know a password
but no salt, everything else the client retrieves from the server
yet a user’s password can’t be retrieved from the data on the server
nor fr…

Which is more secure Yubikey + Keepass using Challenge/Response or Yubikey + Keepass using OTP?

I use a Windows 10 PC and an Android phone with Keepass.

I would like to add a second factor on top of my master password that works with both Windows 10 and my Android phone.

Between the two support methods of authenticati…