Challenge–response authentication

Posted zzfx

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Challenge–response authentication相关的知识,希望对你有一定的参考价值。

In computer securitychallenge–response authentication is a family of protocols in which one party presents a question ("challenge") and another party must provide a valid answer ("response") to be authenticated.

The simplest example of a challenge–response protocol is password authentication, where the challenge is asking for the password and the valid response is the correct password.

 

Clearly an adversary who can eavesdrop on a password authentication can then authenticate itself in the same way. One solution is to issue multiple passwords, each of them marked with an identifier. The verifier can ask for any of the passwords, and the prover must have that correct password for that identifier. Assuming that the passwords are chosen independently, an adversary who intercepts one challenge–response message pair has no clues to help with a different challenge at a different time.

 

通常用于安全级别较高的找回密码等功能。比如qq、微信等,需要提供多重验证。

 

基于会话的安全认证机制:

A 老姑,我要和你借20元钱;

B 你是?

A 我是XX的儿子;

B 你的伯父叫什么?姑姑叫什么?你爸兄妹几个?

A 哔哩哔哩.....

B 你爷爷叫什么?

A bilibili

B 50元够不够?

A 够了;谢谢!

以上是关于Challenge–response authentication的主要内容,如果未能解决你的问题,请参考以下文章

Local Authentication Using Challenge Response with Yubikey for CentOS 7

缺少参数 code_challenge_method

Perl Authen::OATH 和 Google Authenticator - 不兼容?

php 使用Passport进行Laravel REST API身份验证:https://www.cloudways.com/blog/rest-api-laravel-passport-authen

HTTP认证方式详解

CSRF详解