Timeline for Is this authentication and encryption solution secure?
Current License: CC BY-SA 3.0
5 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Mar 15, 2016 at 11:33 | vote | accept | Zwarmapapa | ||
| Mar 15, 2016 at 9:53 | comment | added | fr00tyl00p | @Zwarmapapa "being able to trust each other" would indicate you want mutual authentication. Please excuse me not writing things down more specifically but analyzing your construct is just beyond scope. Check out e.g. "Protocols for Authentication and Key Establishment" which is available via google books online (partly) to get an understanding of the basic principles first. | |
| Mar 14, 2016 at 18:05 | comment | added | Neil Smithline | +1 for the pass the hash notification. | |
| Mar 14, 2016 at 17:54 | comment | added | Zwarmapapa | Won't your given example be weak against replay attacks from the server for example? How do you know the server is the actual server? Anyway, I like the tips and help, but saying "it's probably not secure" doesn't really help me that much :P In order to know what I'm doing wrong I'd need something a bit more specific, like "x is wrong because x can do x". Anyway, the hash from the database is indeed the secret, and both sides being able to trust each other is the goal. Also, didn't know this had an official name, I'll try looking up some examples of shared secret authentication schemes. | |
| Mar 14, 2016 at 17:34 | history | answered | fr00tyl00p | CC BY-SA 3.0 |