User identification
Flipsen, 2021-04-04 20:28:02

Using EDS in authentication?

Hello to all!
I am studying authentication protocols. Can anyone tell me about one-sided authentication with 2 passes?
So, as I see it:
1) The server (the verifier) sends a random number to the weirdo-yudik.
2) The weirdo-yudik receives the number and takes his password. He then computes a HASH of the sum of the password and the number.
3) The server receives the hash, takes the weirdo-yudik's password from its database and computes a hash with the random number it sent. It checks the received hash against it.
The steps above are clear to me, but I don't understand why I need to insert an EC signature here. Say, in the second step you could compute the signature over the hash and send it too. And then what does the server check, and what for? Could you advise?


2 answer(s)
cicatrix, 2021-04-05
@cicatrix

An asymmetric cipher provides for 2 keys, a private one and a public one. It is assumed that no one knows the private key except its owner, while the public key is known to everyone.
The public key can decrypt a message encrypted with the private key, but the encryption itself can only be done with the private key.
This is the basis on which the EDS works. If I can decrypt the message using the public key, then I know for sure that the owner encrypted it.
For greater reliability, each session's data is encrypted with a conventional symmetric cipher whose key is randomly generated and renewed every session.
The transfer of such a key over an insecure channel is carried out according to the Diffie-Hellman algorithm, which was specially developed for this. This is where the private and public keys of the asymmetric cipher are used.

Rsa97, 2021-04-04
@Rsa97

The private key of the certificate is stored on the client, and the paired public key is stored on the server.
The server generates a random data block and sends it to the client.
The client signs this block with a private key and sends it to the server.
The server verifies the signature with the public key.
If the signature is correct, the client is authenticated.
The password is not used at all.
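
As an added example (not code from the question or from either answer), here are the two protocols from this thread side by side in Go: the question's password variant, written with HMAC-SHA256 as the keyed form of "a hash of the password and the number", and Rsa97's signature variant with Ed25519 standing in for the EC signature. The password "hunter2" and the 32-byte challenge size are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// newChallenge is the server's step 1: a fresh random block for every attempt.
func newChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// passwordResponse is the question's step 2 as a keyed hash over the challenge.
// Both sides must hold the password, so the server's database is a secret store.
func passwordResponse(password string, challenge []byte) []byte {
	mac := hmac.New(sha256.New, []byte(password))
	mac.Write(challenge)
	return mac.Sum(nil)
}

// verifyPassword is step 3: recompute with the stored password, compare in constant time.
func verifyPassword(stored string, challenge, response []byte) bool {
	return hmac.Equal(passwordResponse(stored, challenge), response)
}

// signChallenge is the client step of Rsa97's variant: only the private key can produce it.
func signChallenge(priv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(priv, challenge)
}

// verifyChallenge is the server step: the stored public key is not a secret, so a
// database leak does not let anyone impersonate the client.
func verifyChallenge(pub ed25519.PublicKey, challenge, sig []byte) bool {
	return ed25519.Verify(pub, challenge, sig)
}

func main() {
	ch, err := newChallenge()
	if err != nil {
		panic(err)
	}
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // enrolment: client keeps priv, server stores pub
	fmt.Println("password variant:", verifyPassword("hunter2", ch, passwordResponse("hunter2", ch)))
	fmt.Println("signature variant:", verifyChallenge(pub, ch, signChallenge(priv, ch)))
}
```

The difference the question asks about is visible in the verify functions: the password variant needs the secret on both sides, the signature variant lets the server hold nothing worth stealing.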
