The subject of authentication is proof. What is proven falls into three categories: something about us (something you are, SYA), something we know (something you know, SYK), and something that we have (something you have, SYH). SYA is closely related to the field of biometrics, such as fingerprint examination, retinal examination, voice analysis, etc. SYK is identical with the password. As for SYH, identity cards such as smartcards are commonly used.
Perhaps the most widely used is still the password-based system. To avoid password theft and illegal use of the system, it is sensible to equip our network system with disposable (single-use) passwords. How can this method be applied?
First, using an unencrypted time-stamp system. In this way, the password is sent only after it has first been modified based on the current time. Second, using a challenge-response (CR) system, where the password that we give depends on the challenge from the server. Roughly, we prepare a list of answers (responses), each different, for the different 'questions' (challenges) posed by the server. Because it is of course very difficult to memorize a few tens or hundreds of passwords, it is easier to memorize a rule for turning the given challenge into a response (so the response is not random). For example, if our rule is "capitalize the fifth letter and delete the fourth letter", then the password that we provide is MxyPtlk1W2 for the system challenge Mxyzptlk1W2.
With the CR system we must know the 'rule'; with the time-stamp system we must remember the password that is to be time-stamped. Doesn't this make things difficult? Fortunately, these mechanisms are generally handled by a device, either software or hardware. Kerberos, authentication software created at MIT that adopts a time-stamp system, requires modifications to the client for time synchronization with the server as well as for time-stamping the password. Modifying the client program reminds us of the proxy and indeed, it is more or less like that. CR systems are usually applied together with hardware support. An example of an operational CR system is the SNK-004 card device (Digital Pathways), which can be used in conjunction with the TIS-FWTK package (Trusted Information Systems - Internet Firewall Toolkit).
TIS-FWTK offers a 'fun' solution for single-use passwords (the CR kind): S/Key. S/Key applies a hash algorithm iteratively to a seed, so the system can validate the client's current response but has no ability to predict the client's next response. So if there is an intrusion on the system, there is no 'something' that can be stolen (usually a list of passwords). Hash algorithms have two main properties. First, the input cannot be regenerated from the output (non-reversible). Second, there are two possible inputs for the same output.
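The iterated-hash idea behind S/Key, as an added example that is not part of the original post and is not TIS-FWTK's code. It assumes SHA-256 as a stand-in hash; the names `hash_n` and `Server` and the seed value are made up for illustration.

```python
import hashlib
import hmac


def hash_n(seed: bytes, n: int) -> bytes:
    """Apply the hash n times to the seed, i.e. H^n(seed)."""
    value = seed
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


class Server:
    """Keeps only the last accepted value of the chain, never the seed."""

    def __init__(self, initial: bytes, count: int):
        self.stored = initial   # H^count(seed), set up at enrolment
        self.count = count      # chain position of the stored value

    def challenge(self) -> int:
        # Tell the client which chain position to send next.
        return self.count - 1

    def verify(self, response: bytes) -> bool:
        if self.count <= 1:
            return False        # chain used up; never ask for the seed itself
        candidate = hashlib.sha256(response).digest()
        if not hmac.compare_digest(candidate, self.stored):
            return False
        self.stored = response  # the next response must hash to this value
        self.count -= 1
        return True


def demo() -> list:
    seed = b"constructed-sample-seed"   # constructed value, known only to the client
    server = Server(hash_n(seed, 100), 100)
    results = []
    otp = hash_n(seed, server.challenge())   # client computes H^99(seed)
    results.append(server.verify(otp))       # first use is accepted
    results.append(server.verify(otp))       # replay of the same password is rejected
    stolen = server.stored                   # all an intruder finds on the server
    results.append(server.verify(stolen))    # the stored value is not the next password
    results.append(server.verify(hash_n(seed, server.challenge())))  # next real login
    return results


if __name__ == "__main__":
    print(demo())
```
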