This shows you the differences between two versions of the page.
people:solar:algorithms:challenge-response-authentication [2014/01/20 00:13] solar added a description of hash precomputation possible due to salts being revealed before hashes are |
people:solar:algorithms:challenge-response-authentication [2018/02/17 15:15] (current) solar [Related work] dropped dead link; refer to SCRAM first, and to Paul Johnston's algorithm next |
||
---|---|---|---|
Line 132: | Line 132: | ||
===== Related work ===== | ===== Related work ===== | ||
- | |||
- | Paul Johnston independently came up with a [[http://pajhome.org.uk/crypt/md5/advancedauth.html#alternative|challenge/response algorithm]] that also falls in this category. The algorithm is also [[http://unitstep.net/blog/2008/03/29/a-challenge-response-ajax-php-login-system/|described in other words here]]. | ||
As it turns out, the "read-only" algorithm described above is exactly the same as the main algorithm behind [[http://tools.ietf.org/html/rfc5802#section-3|RFC 5802 (SCRAM)]] published in 2010 and building upon [[http://tools.ietf.org/html/draft-newman-auth-scram-00|drafts dating back to 1997]]. I [[http://groups.google.com/group/sci.crypt/browse_thread/thread/7a1e061ec58a29b0/514b550613dae50d|posted this algorithm to sci.crypt in 1999]] being unaware of the RFC drafts, and no one pointed me at them until Simon Josefsson did in 2012. This appears to be independent discovery. | As it turns out, the "read-only" algorithm described above is exactly the same as the main algorithm behind [[http://tools.ietf.org/html/rfc5802#section-3|RFC 5802 (SCRAM)]] published in 2010 and building upon [[http://tools.ietf.org/html/draft-newman-auth-scram-00|drafts dating back to 1997]]. I [[http://groups.google.com/group/sci.crypt/browse_thread/thread/7a1e061ec58a29b0/514b550613dae50d|posted this algorithm to sci.crypt in 1999]] being unaware of the RFC drafts, and no one pointed me at them until Simon Josefsson did in 2012. This appears to be independent discovery. | ||
+ | |||
+ | Paul Johnston independently came up with a [[http://pajhome.org.uk/crypt/md5/advancedauth.html#alternative|challenge/response algorithm]] that also falls in this category. | ||
Back to [[:people:solar|my pseudo homepage]]. | Back to [[:people:solar|my pseudo homepage]]. |