10. based on the previous password
● s = seed
● f(s) = hash function
● f(f(f( .... f(s) .…)))
● $f^{1000}(s)$ is stored on the target system
● $p = f^{999}(s)$ # user's first login password
● $f(p) = f^{1000}(s)$ # server can authenticate password
● The value stored on the target is then replaced by p.
● $p = f^{998}(s)$ # next login
● $f(p) = f^{999}(s)$ # server can authenticate password
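The login sequence above, written out as an added example (not part of the original slides): the server keeps only the last accepted chain value, checks that f(p) matches it, and then replaces it with p, so a captured password cannot be replayed. SHA-256 as f, the class and function names, and the seed value are assumptions made for this example.

```python
import hashlib
import hmac

def f(value: bytes) -> bytes:
    """One application of the hash function f (SHA-256 is this example's choice)."""
    return hashlib.sha256(value).digest()

def chain(seed: bytes, n: int) -> bytes:
    """Return f^n(seed), i.e. f applied n times to the seed."""
    value = seed
    for _ in range(n):
        value = f(value)
    return value

class Server:
    """Stores only the most recently accepted chain value, never the seed."""
    def __init__(self, initial: bytes):
        self.stored = initial            # f^1000(s) at enrolment

    def login(self, p: bytes) -> bool:
        # Accept p only if f(p) equals the stored value (constant-time compare).
        if not hmac.compare_digest(f(p), self.stored):
            return False
        self.stored = p                  # stored value is replaced by p
        return True

class Client:
    """Keeps the seed and counts how many unused chain links remain."""
    def __init__(self, seed: bytes, length: int):
        self.seed, self.remaining = seed, length

    def next_password(self) -> bytes:
        if self.remaining == 0:
            raise RuntimeError("chain exhausted: enrol again with a new seed")
        self.remaining -= 1
        return chain(self.seed, self.remaining)

def demo(length: int = 1000) -> dict:
    seed = b"constructed-example-seed"   # constructed sample value
    server, client = Server(chain(seed, length)), Client(seed, length)
    p1 = client.next_password()          # f^999(s), first login
    p2 = client.next_password()          # f^998(s), next login
    return {
        "first": server.login(p1),       # f(p1) == f^1000(s): accepted
        "replay": server.login(p1),      # f(p1) != p1: replay rejected
        "second": server.login(p2),      # f(p2) == f^999(s): accepted
    }

if __name__ == "__main__":
    print(demo())
```

Each chain supports a fixed number of logins; once `remaining` reaches zero the client has to enrol a new seed with the server.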
17. ● hash function
➢ MD5 # HMAC-MD5
➢ SHA1 # HMAC-SHA1
● The IPsec and TLS protocols use HMAC-SHA1 and HMAC-MD5.
Hash-based message authentication code
sc is the server generated challenge
cc is the client generated challenge
cr is the client response
sr is the server response
a short piece of information used to authenticate a message
To provide integrity and authenticity assurances on the message
The mask sets the most significant bit to 0, to prevent the number from being interpreted as negative. This guards against different implementations of the modulo operation by processors.[2]
What you know => user name and password
What you have => one time password token
What you are