Talk:Challenge-response authentication

"Challenge-response" or "challenge-reply"

Hello, can someone clarify whether challenge-response authentication or challenge-reply authentication is the right term? Thanks --195.145.211.194 12:02, 28 November 2006 (UTC)

This is the first time I've heard the phrase "challenge-reply authentication". A Google search for the former yields about 118,000 results [1] while challenge-reply yields only 38 [2]. It's a safe bet to say "challenge-response authentication". -- intgr 15:32, 28 November 2006 (UTC)


"Unix passwords"

This paragraph is wack and the logic is flawed and convoluted. —Preceding unsigned comment added by 212.146.94.66 (talk) 16:04, August 30, 2007 (UTC)

It makes sense to me, but it's not well written indeed; I have added a "confusing" template. -- intgr #%@! 23:56, 30 August 2007 (UTC)

password as challenge/response

Most security professionals would disagree with:

"The simplest example of a challenge-response protocol is password authentication, where the challenge is asking for the password and the valid response is the correct password."

The key feature of challenge/response is that the responder is forced to give a different answer every time. Passwords are often contrasted with challenge-response systems. For references see: RFC 4949, Network Security by Kaufman et al., or any good book on Information Security.

It is possible to distinguish between cryptographic challenge-response systems, where a well-vetted cryptographic algorithm is performed to compute the output from the input, and non-cryptographic systems, where some other sort of prearranged scheme is used. See for example the O. Henry story: Calloway's Code. In the story a reporter transmits the first word in a common phrase and the receivers fill in the rest of the phrase. In the story it is not used for authentication, but it could be. Perhaps a better example would be recognition systems used by navies and other military organizations. They simply issue a secret code book containing challenges and their corresponding responses. Hal lockhart 21:38, 24 October 2007 (UTC)
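An added illustration of the distinction drawn in the comment above (not part of the original discussion): a static password accepts a replayed answer, while a cryptographic challenge-response forces a different answer for every challenge. HMAC-SHA256, the shared key and all class and function names here are assumptions chosen for the sketch.

```python
import hashlib
import hmac
import secrets

SHARED_SECRET = b"constructed-shared-secret"  # constructed sample value


class PasswordVerifier:
    """The 'challenge' never changes, so the valid response never changes."""

    def verify(self, response: bytes) -> bool:
        return hmac.compare_digest(response, SHARED_SECRET)


class ChallengeResponseVerifier:
    """Issues a fresh random nonce per attempt and accepts each nonce once."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.outstanding = set()

    def issue_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.outstanding:
            return False  # unknown or already-used challenge
        self.outstanding.discard(nonce)  # single use, pass or fail
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def respond(key: bytes, nonce: bytes) -> bytes:
    """Claimant side: prove knowledge of the key without sending it."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def replay_outcomes() -> dict:
    """Replay a previously observed answer against each scheme."""
    cr = ChallengeResponseVerifier(SHARED_SECRET)
    n1 = cr.issue_challenge()
    r1 = respond(SHARED_SECRET, n1)          # what an observer would see
    n2 = cr.issue_challenge()
    return {
        "password_replay": PasswordVerifier().verify(SHARED_SECRET),
        "first_use": cr.verify(n1, r1),
        "replay_same_challenge": cr.verify(n1, r1),
        "replay_new_challenge": cr.verify(n2, r1),
    }
```
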