Differences

This shows you the differences between two versions of the page.

--- people:solar:algorithms:challenge-response-authentication [2014/01/20 00:13]
solar added a description of hash precomputation possible due to salts being revealed before hashes are
+++ people:solar:algorithms:challenge-response-authentication [2018/02/17 15:15] (current)
solar [Related work] dropped dead link; refer to SCRAM first, and to Paul Johnston's algorithm next
@@ Line 132: / Line 132: @@
 ===== Related work =====
-Paul Johnston independently came up with a [[http://pajhome.org.uk/crypt/md5/advancedauth.html#alternative|challenge/response algorithm]] that also falls in this category.  The algorithm is also [[http://unitstep.net/blog/2008/03/29/a-challenge-response-ajax-php-login-system/|described in other words here]].
 As it turns out, the "read-only" algorithm described above is exactly the same as the main algorithm behind [[http://tools.ietf.org/html/rfc5802#section-3|RFC 5802 (SCRAM)]] published in 2010 and building upon [[http://tools.ietf.org/html/draft-newman-auth-scram-00|drafts dating back to 1997]]. I [[http://groups.google.com/group/sci.crypt/browse_thread/thread/7a1e061ec58a29b0/514b550613dae50d|posted this algorithm to sci.crypt in 1999]] being unaware of the RFC drafts, and no one pointed me at them until Simon Josefsson did in 2012. This appears to be independent discovery.
+Paul Johnston independently came up with a [[http://pajhome.org.uk/crypt/md5/advancedauth.html#alternative|challenge/response algorithm]] that also falls in this category.
 Back to [[:people:solar|my pseudo homepage]].