Differences

This shows you the differences between two versions of the page.

people:solar:algorithms:challenge-response-authentication [2014/01/19 15:13]
solar added a description of hash precomputation possible due to salts being revealed before hashes are
people:solar:algorithms:challenge-response-authentication [2018/02/17 06:15] (current)
solar [Related work] dropped dead link; refer to SCRAM first, and to Paul Johnston's algorithm next
Line 132: Line 132:
  
 ===== Related work ===== ===== Related work =====
- 
-Paul Johnston independently came up with a [[http://​pajhome.org.uk/​crypt/​md5/​advancedauth.html#​alternative|challenge/​response algorithm]] that also falls in this category. ​ The algorithm is also [[http://​unitstep.net/​blog/​2008/​03/​29/​a-challenge-response-ajax-php-login-system/​|described in other words here]]. 
  
 As it turns out, the "​read-only"​ algorithm described above is exactly the same as the main algorithm behind [[http://​tools.ietf.org/​html/​rfc5802#​section-3|RFC 5802 (SCRAM)]] published in 2010 and building upon [[http://​tools.ietf.org/​html/​draft-newman-auth-scram-00|drafts dating back to 1997]]. I [[http://​groups.google.com/​group/​sci.crypt/​browse_thread/​thread/​7a1e061ec58a29b0/​514b550613dae50d|posted this algorithm to sci.crypt in 1999]] being unaware of the RFC drafts, and no one pointed me at them until Simon Josefsson did in 2012. This appears to be independent discovery. As it turns out, the "​read-only"​ algorithm described above is exactly the same as the main algorithm behind [[http://​tools.ietf.org/​html/​rfc5802#​section-3|RFC 5802 (SCRAM)]] published in 2010 and building upon [[http://​tools.ietf.org/​html/​draft-newman-auth-scram-00|drafts dating back to 1997]]. I [[http://​groups.google.com/​group/​sci.crypt/​browse_thread/​thread/​7a1e061ec58a29b0/​514b550613dae50d|posted this algorithm to sci.crypt in 1999]] being unaware of the RFC drafts, and no one pointed me at them until Simon Josefsson did in 2012. This appears to be independent discovery.
 +
 +Paul Johnston independently came up with a [[http://​pajhome.org.uk/​crypt/​md5/​advancedauth.html#​alternative|challenge/​response algorithm]] that also falls in this category.
  
 Back to [[:​people:​solar|my pseudo homepage]]. Back to [[:​people:​solar|my pseudo homepage]].
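Review bot: In the relocated Paul Johnston sentence, "also falls in this category" now follows the SCRAM paragraph, which ends with "This appears to be independent discovery", so "this category" has no clear referent and "independently" reads as a continuation of the SCRAM discussion rather than a separate point. Consider naming the category explicitly in that sentence (for example, by referring back to the "read-only" algorithm the preceding paragraph mentions) so the paragraph stands on its own in its new position.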
people/solar/algorithms/challenge-response-authentication.txt · Last modified: 2018/02/17 06:15 by solar
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported