Carlos Moreno wrote:
>> Sorry, DoS is the wrong description. I had more something similar to an SSH
>> brute force attack in mind.
>
> Ok. A tiny nitpick: SSH login attempts do not constitute a brute
> force attack -- that falls more in the category of a dictionary
> attack (they're not trying all possible names with all possible
> passwords -- they're only trying a list of the commonly used
> combinations).
> Ok, but then -- a C-R implies that you're simply trusting a remote
> user as soon as they prove to you that they know the right password;
> so, there's nothing that the protocol or the implementation can do
> about it; if the passwords *can be guessed*, then the remote
> attacker will be able to log in.
All passwords can be guessed. It is just a matter of time (theoretically).
> The solution is: make the passwords non-guessable. Restrict the
> frequency with which logins may be attempted (with configurable
> exceptions, so that "privileged" IP addresses can always attempt
> the login).
That is exactly what I want to do, but not on a per-IP basis (maybe
additionally to it) but with the outlined c-r algorithm.
> You can also do what people do with SSH: do not use password
> authentication at all -- use public-key authentication;
Thanks, but I already know that. The problem is that I don't want to secure
SSH - I am just looking for an algorithm which could slow down password
guessing/brute force attacks on a more general level.
I got the idea while studying PKCS#5 (algorithm for deriving crypto keys
from a password). It slows down password guessing/brute force attacks by
adding 1000+ encryption rounds. Applying PKCS#5 to the usual c-r
implementations, the random number sent from the server to the client would
be the password and the PKCS#5-password-derived key would be the correct
response. The only problem is that testing whether the response is the right
one needs the same steps as creating it (on the client side). This makes it
unusable for a client-server c-r scenario.
So I am searching for a replacement algorithm. It should act like a
backdoor function (mathematically). The server has the secret for using
this backdoor - the client doesn't have it. The server only grants access
to the authentication function to clients which successfully applied the
backdoor function to the challenge. Because it lacks the secret, the
client cannot use the backdoor and therefore has to spend much CPU power to
compute the function. The server knows the secret and can compute the
result quite easily. When the client returns the response to the challenge,
the server compares it with its own computation and grants access to the
authentication method if it is equal to the result computed by the server.
That is what I want to achieve...
Jan
Received on Mon May 1 02:06:09 2006
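One known construction with exactly the trapdoor property asked for above is the Rivest-Shamir-Wagner time-lock puzzle: the client must perform t sequential modular squarings, while the server, knowing phi(n), reduces the exponent first and answers with a single modular exponentiation. The block below is an added illustration written for this thread, not code from the original post; the function names, the tiny primes P and Q (chosen only so it runs instantly offline; a deployment would use RSA-sized primes) and the work factor t are assumptions.

```python
import hmac
import secrets

# Toy parameters so the example runs instantly (assumption: a real
# deployment would use RSA-sized primes; these only keep the demo fast).
P = 1_000_000_007
Q = 998_244_353


def server_keygen(p=P, q=Q):
    """Server setup: n is public, phi(n) is the trapdoor only the server keeps."""
    return p * q, (p - 1) * (q - 1)


def make_challenge(n):
    """Random base in [2, n-1]: the 'random number' the server sends out."""
    return secrets.randbelow(n - 2) + 2


def client_response(challenge, t, n):
    """Client work: t sequential squarings; no known shortcut without phi(n)."""
    x = challenge
    for _ in range(t):
        x = x * x % n
    return x


def server_response(challenge, t, n, phi):
    """Trapdoor: reduce 2^t modulo phi(n) first, then one modular exponentiation."""
    e = pow(2, t, phi)
    return pow(challenge, e, n)


def puzzle_passed(challenge, t, n, phi, response):
    """Gate for the real password check: True only for a correct puzzle answer."""
    if not 0 <= response < n:          # reject out-of-range values outright
        return False
    expected = server_response(challenge, t, n, phi)
    width = (n.bit_length() + 7) // 8
    return hmac.compare_digest(expected.to_bytes(width, "big"),
                               response.to_bytes(width, "big"))


if __name__ == "__main__":
    n, phi = server_keygen()
    c = make_challenge(n)
    t = 200_000        # raise t until one attempt costs the delay you want
    print(puzzle_passed(c, t, n, phi, client_response(c, t, n)))
```

The puzzle bounds the cost per login attempt on a single connection; it does not stop an attacker from running many independent puzzles in parallel, so it complements rather than replaces the per-source rate limiting discussed above.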