One Time Password



To avoid the problems of password sniffing and shoulder surfing, a system could use a set of paired passwords. When a session begins, the system randomly selects and presents one part of a password pair; the user must supply the other part. In this system, the user is challenged and must respond with the correct answer to that challenge.
This approach can be generalized to the use of an algorithm as a password. The algorithm might be an integer function, for example. The system selects a random integer and presents it to the user. The user applies the function and replies with the result. The system applies the same function to the same integer. If the two results match, access is allowed.
Such algorithmic passwords are not susceptible to reuse: a user can type in a password, and no entity intercepting that password will be able to reuse it. In this scheme, the system and the user share a secret. The secret is never transmitted over a medium that allows exposure. Rather, the secret is used as input to the function, along with a shared seed. A seed is a random number or alphanumeric sequence; it is the authentication challenge from the computer. The secret and the seed are used as input to the function f(secret, seed), and the result of this function is transmitted as the password to the computer. Because the computer also knows the secret and the seed, it can perform the same computation. If the results match, the user is authenticated. The next time the user needs to be authenticated, another seed is generated, and the same steps ensue; this time, the password is different. For this to be safe, f must be one-way: an eavesdropper who collects many (seed, f(secret, seed)) pairs must still be unable to recover the secret or to compute the answer for a seed that has not yet been used. A keyed hash such as an HMAC has this property; a simple arithmetic function such as addition does not.
In this one-time password system, the password is different in each instance. Anyone capturing the password from one session and trying to reuse it in another session will fail, provided the system never issues the same seed twice. One-time passwords are among the only ways to prevent improper authentication due to password exposure. Note what they do not prevent: an attacker who relays the challenge and the live response to the real system within the same session (a man-in-the-middle or phishing proxy) still gets in, because that password is valid at that moment.
One-time password systems are implemented in various ways. Commercial implementations, such as RSA SecurID, use hardware calculators (tokens). Most of these calculators are shaped like a credit card, a key-chain dangle, or a USB device. Some use the current time as the seed, so the displayed code changes at fixed intervals and the server, whose clock must stay roughly in step with the token's, computes the same value. Others require the user to enter the shared secret, also known as a personal identification number or PIN, on the keypad. The display then shows the one-time password. The use of both a one-time password generator and a PIN is one form of two-factor authentication: something the user has (the token) and something the user knows (the PIN). Two-factor authentication offers far better protection than single-factor authentication, because an attacker must compromise two components of different kinds rather than one.

Another variation on one-time passwords uses a code book, sometimes called a one-time pad, which is a list of single-use passwords. Each password on the list is used once and then crossed out or erased. The S/Key system (RFC 1760) uses either a software calculator or a code book printed from those calculations as its source of one-time passwords: the passwords are successive values of a hash chain, so the server can check each one against the previously accepted one without storing the secret, and a captured password does not reveal the next. Of course, the user must protect the code book, since anyone holding it can use the remaining passwords.
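The code-book scheme of this paragraph, as an added example that is not part of the original post: a hash chain in the style of S/Key, with the server holding only the last accepted value and the sequence number, the calculator recomputing any password from the secret and the seed, and the code book being the same chain printed in the order it will be demanded. SHA-256 is substituted for S/Key's MD4 folded to 64 bits, the hex encoding stands in for S/Key's six-word output, and the secret, seed, chain length and names are constructed for the example.

```python
import hashlib
import hmac

# Constructed demo values: the secret lives only with the user (memorised or in
# the calculator); the seed is public and is part of the server's prompt.
SECRET = b"correct horse battery staple"
SEED = b"ab12cd"
CHAIN_LENGTH = 5  # number of logins before the chain must be re-initialised


def h(x: bytes) -> bytes:
    """One-way function for the chain. S/Key itself uses MD4 folded to 64 bits;
    SHA-256 is substituted here as a simplification (an assumption of this example)."""
    return hashlib.sha256(x).digest()


def chain_value(secret: bytes, seed: bytes, i: int) -> bytes:
    """x_i = h^i(seed || secret), the i-th one-time password. This is what the
    software calculator computes when the server prompts with i and the seed."""
    v = seed + secret
    for _ in range(i):
        v = h(v)
    return v


def code_book(secret: bytes, seed: bytes, n: int) -> list:
    """The printed list the user carries: x_{n-1}, x_{n-2}, ..., x_1, in the order
    they will be demanded. x_0 is seed||secret itself and is never used as a password."""
    return [(i, chain_value(secret, seed, i).hex()) for i in range(n - 1, 0, -1)]


class SKeyServer:
    """Stores only the last accepted chain value and the sequence counter."""

    def __init__(self, seed: bytes, top: bytes, n: int):
        # Enrolment: the user computes x_n once and registers it; the secret itself
        # never reaches the server.
        self._seed, self._current, self._seq = seed, top, n

    def challenge(self):
        """The prompt shown at login: the sequence number to answer and the seed."""
        return self._seq - 1, self._seed

    @property
    def exhausted(self) -> bool:
        return self._seq <= 1

    def verify(self, password_hex: str) -> bool:
        if self.exhausted:
            return False  # chain used up: re-enrol with a new seed before accepting more
        try:
            candidate = bytes.fromhex(password_hex)
        except ValueError:
            return False
        # The user presents x_{seq-1}; hashing it once must give the stored x_seq.
        if not hmac.compare_digest(h(candidate), self._current):
            return False
        # Step down the chain. The value just accepted becomes the stored value, so
        # replaying it fails, and an eavesdropper cannot invert h to get x_{seq-2}.
        self._current, self._seq = candidate, self._seq - 1
        return True


if __name__ == "__main__":
    server = SKeyServer(SEED, chain_value(SECRET, SEED, CHAIN_LENGTH), CHAIN_LENGTH)
    for idx, password in code_book(SECRET, SEED, CHAIN_LENGTH):
        seq, seed = server.challenge()
        assert seq == idx and seed == SEED
        print(f"login with x_{idx}: {server.verify(password)}")  # True each time
        print(f"replay of x_{idx}: {server.verify(password)}")   # False each time
    print("chain exhausted:", server.exhausted)                  # True
```

Two properties to notice when running it: a password from further down the chain (say x_2 when x_3 is expected) is refused, because one application of h does not reach the stored value, and once the counter reaches 1 the server stops accepting anything, since the next value would be the seed and secret themselves.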

