Saturday, September 11, 2010

Kerberos & One Time Password

Today I have some free time, and I remembered a lesson about "Authentication methods". It is very useful, so I am going to school next week (to be going to, not will :)).

OK, in this lesson, I like the one-time password (OTP). The main points are:
The server stores the password hashed N times (for example, 1000 times) and the number of hash iterations (N, 1000 in this example) in its database.
The client sends a request, and the server sends the number N (the number of hash iterations) to the client.
The client receives N, hashes the password (N-1) times (999 in this example), and sends the result to the server.
The server receives the password hashed (N-1) times, hashes it one more time, and compares the result with the value in the database. If they match, the client is allowed.
The server replaces the stored N-times hash with the (N-1)-times hash from the client and decreases the number of hash iterations by one (N-1); in this example, 999 replaces 1000.
If N equals 1, the password is reset.
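
The login steps above, as an added Python example that is not from the original post. It assumes SHA-256 as the hash function (the post does not name one), and the names `hash_n`, `OtpServer`, `client_response` and `demo` are made up for illustration. It also shows that a captured response is rejected when sent a second time, and that the server refuses logins once N reaches 1.

```python
import hashlib
import hmac


def hash_n(password: bytes, n: int) -> bytes:
    """Hash the password n times (SHA-256 is an assumption, not from the post)."""
    value = password
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


class OtpServer:
    """Stores only the N-times hash and N, never the password itself."""

    def __init__(self, password: bytes, n: int = 1000):
        self.n = n
        self.stored = hash_n(password, n)

    def challenge(self) -> int:
        return self.n  # server sends N to the client

    def verify(self, response: bytes) -> bool:
        if self.n <= 1:
            return False  # N reached 1: the password must be reset
        # Hash the client's (N-1)-times value once more and compare.
        candidate = hashlib.sha256(response).digest()
        if not hmac.compare_digest(candidate, self.stored):
            return False
        # Accepted: the client's value replaces the stored one, N drops by one.
        self.stored, self.n = response, self.n - 1
        return True


def client_response(password: bytes, n: int) -> bytes:
    return hash_n(password, n - 1)  # client hashes (N-1) times


def demo() -> dict:
    pw = b"constructed-sample-password"  # constructed sample value
    server = OtpServer(pw, n=3)  # small N so the chain runs out quickly
    first = client_response(pw, server.challenge())
    out = {"first_login": server.verify(first)}
    out["replay_of_first"] = server.verify(first)  # captured value sent again
    out["second_login"] = server.verify(client_response(pw, server.challenge()))
    out["n_after"] = server.n
    out["third_login"] = server.verify(client_response(pw, server.challenge()))
    return out
```

With N at 1 the client would have to send the password itself, which is why the server in this sketch stops accepting logins at that point and a reset is needed.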

I found a lot of information about Kerberos:
Started in Project Athena (I don't know)
Introduced in Windows 2000
Uses symmetric key cryptography
Components:
    Key Distribution Centre (KDC), which holds the cryptographic keys
    Tickets
    Ticket Granting Server (TGS)
Process:
    The subject requests access to an object
    Authentication (the session key includes user and password, requested via the KDC)
    The KDC generates tickets for the subject and the object
    The subject validates that the ticket came from the KDC
    The subject sends the ticket to the object
    The object validates the ticket from the subject
    The Kerberos session is established, and the object grants access to the subject
Problems:
    Requires synchronized clocks
    Uses UDP
    Software must be kerberized
    ... etc.
------------------------------------------------------------
Thanks for reading