Special Forums Cybersecurity Password-based challenge-response Post 302101259 by heroine on Friday 29th of December 2006 09:04:00 PM
Password-based challenge-response

Hello all,

I have this question, hope to get some guidance...

For a simple password-based challenge-response protocol between a user A
and a server S, where Pa is A's password, n is a random nonce generated
by the server, and h is a known cryptographic hash function.

1. S -> A: E(Pa,n)
2. A -> S: E(Pa,h(n))

How to show that this protocol is vulnerable to an off-line password
guessing attack, and how would the attack take place? Under which
circumstances would the vulnerability not be a problem?

thanks for reading...
cheers.
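
An added illustration (not part of the original post): a simulation of the two-message protocol showing why a recorded transcript alone lets a password guess be confirmed without contacting S. The cipher E (a toy XOR keystream), the choice of SHA-256 for h, and the sample wordlist are assumptions, since the post specifies none of them.

```python
import hashlib
import secrets

# Constructed sample wordlist (assumption: stands in for a guessing dictionary).
WORDLIST = ["123456", "letmein", "qwerty", "sunshine", "dragon"]

def h(data: bytes) -> bytes:
    """Public hash h from the protocol; SHA-256 is assumed here."""
    return hashlib.sha256(data).digest()

def E(password: str, msg: bytes) -> bytes:
    """Toy stand-in for E(Pa, .): XOR with a password-derived keystream.
    The post does not name a cipher; this is for illustration only."""
    ks = hashlib.shake_256(password.encode()).digest(len(msg))
    return bytes(a ^ b for a, b in zip(msg, ks))

D = E  # for an XOR keystream, decryption is the same operation

def run_protocol(password: str):
    """One honest run; returns the two ciphertexts visible on the wire."""
    n = secrets.token_bytes(16)                 # server nonce
    msg1 = E(password, n)                       # 1. S -> A: E(Pa, n)
    msg2 = E(password, h(D(password, msg1)))    # 2. A -> S: E(Pa, h(n))
    return msg1, msg2

def candidate_matches(candidate: str, msg1: bytes, msg2: bytes) -> bool:
    """The transcript is self-verifying: under the right password, message 2
    decrypts to h(decrypted message 1). A wrong guess fails this check
    except with negligible probability, and no server is needed."""
    return D(candidate, msg2) == h(D(candidate, msg1))

def consistent_candidates(wordlist, msg1, msg2):
    """Wordlist entries that the recorded transcript confirms."""
    return [w for w in wordlist if candidate_matches(w, msg1, msg2)]

if __name__ == "__main__":
    m1, m2 = run_protocol("sunshine")             # low-entropy password
    print(consistent_candidates(WORDLIST, m1, m2))
    m1, m2 = run_protocol(secrets.token_hex(16))  # 128-bit random secret
    print(consistent_candidates(WORDLIST, m1, m2))
```

The second run shows the case where the weakness does not matter in practice: the verification relation is still there, but a uniformly random 128-bit secret is in no feasible guessing set.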
 

RADCRYPT(8)                System Manager's Manual                RADCRYPT(8)

NAME
       radcrypt - generate password hash for use with radius, or validates a password hash

SYNOPSIS
       radcrypt [-d|--des] [-m|--md5] [-c|--check] plaintext_password [hashed_password]

DESCRIPTION
       radcrypt generates a hashed digest of a plaintext password, or can validate if a password hash matches a plaintext password. DES and MD5 hashes are currently supported. When generating a password hash a random salt is generated and applied.

       A hashed password can be validated by specifying -c or --check and passing hashed_password after plaintext_password on the command line. In this case hashed_password will be checked to see if it matches plaintext_password. If so "Password OK" will be printed and the exit status will be 1, otherwise "Password BAD" will be printed and exit status will be 0 (Note this is the opposite of a normal successful shell status).

OPTIONS
       -d --des
              Use a DES (Data Encryption Standard) hash (default). Ignored if performing a password check.

       -m --md5
              Use a MD5 (Message Digest 5) hash. Ignored if performing a password check.

       -c --check
              Perform a validation check on a password hash to verify if it matches the plaintext password.

EXAMPLES
       $ radcrypt foobar
       HaX0xn7Qy650Q
       $ radcrypt -c foobar HaX0xn7Qy650Q
       Password OK

SEE ALSO
       radiusd(8), crypt(3)

AUTHORS
       Miquel van Smoorenburg <miquels@cistron-office.nl>