Questions tagged as ['authentication']

Authentication is successfully validating that an entity you are communicating with is actually who they claim to be. The entity typically demonstrates who they are by showing they possess a secret that only they could know.
Score: 1
Is it possible to prove possession of AES-128 key?

My question is kind of related to this topic: Can we prove possession of an AES-256 key without showing it?

But I couldn't figure out how to apply it to my problem.

Let's say I have a hardware chip, and I want to prove it has not been copied. The chip can store an AES-128 key and can do some encryption with it - it can for example output a ciphered text and plain text. This key cannot be ...

Score: 1
Proving to a 3rd party an email received in was truly sent from


  1. I send an email from to
  2. Using only the email I received in, I'd like to prove to a 3rd party that I also own

Edit: assume I own neither domain1 nor domain2, just have email addresses in both (gmail and hotmail, for example)

Are there established ways to achieve this?

Score: 1
Kirill Khakimov
Does CMS AuthEnvelopedData type provide message authentication?

I was looking through the S/MIME Message specification (RFC 8551) to find out what security services it offers. Section 2.4.4 of this document describing AuthEnvelopedData content type (which uses the CMS type of the same name) says:

This content type is used to apply data confidentiality and message integrity to a message. This content type does not provide authentication or non-repudiation.

Auth ...

Score: 0
paul lacher
Hybrid Authentications

Is there a reason why we can't combine private key MAC with digital signature to get a hybrid authentication scheme?

Is it because of the computational assumptions that digital signatures have?

Edit: (Clarification) I don't intend to combine them, it's a problem on a past final that I am doing as practice but I don't know how to explain why we can't combine them.

Score: 0
Hunger Learn
Can we encode with the set of $\{0,1\}$ and its Boolean operations any finite or infinite domain?

Can we encode with the set of $\{0,1\}$ and its Boolean operations any infinite domain that is subset of the real numbers $\mathbb{R}$ or the whole set of real numbers? For example can we encode the domain of a random variable $X$ that is a subset of the real numbers? Suppose that the random variable is normally distributed with mean $\mu_x\in \mathbb{R}$ and variance $\sigma_x^2>0$?

Score: 2
MichaelW
How is MitM attack prevented when complete session is hijacked?

Let's say there is mutual authentication between a client which connects to a server on an otherwise unsecured TCP channel. Both parties create a random challenge and the other side answers with a keyed hash, based on a pre-shared symmetric key.

$$C\rightarrow open \,\, connection \rightarrow S$$ $$C\rightarrow challenge_C \rightarrow S$$ $$C\leftarrow challenge_S \leftarrow S$$

$$C\rightarrow H_K(chall ...

Score: 1
MichaelW
Is this kind of mutual Authentication safe?

The following is a real-world problem. In a standardized protocol clients can connect to a server using mutual 4-pass authentication on an otherwise unsecured TCP channel:

  • pass-1: Client sends random Challenge C to server
  • pass-2: Server answers by sending random challenge S to client
  • pass-3: Client prepares res(S, K) and sends it to S
  • pass-4: Server answers to client with res(C, K)

res(.) is GCM-GMAC  ...

Score: 2
AliReza Sabouri
Should I use HMAC to create a multiple part HASH token

I have a web API with a custom API authentication system in which users each have a SecretKey and a public ApiKey. Using these two keys, the client (or user) can generate a token for authentication on the server.

Consider this function generating an authentication token

public string GetToken(string apiKey, string secretKey, string expireTimestamp)
    using var hashAlgorithm = SHA256.Create();
    va ...

Score: 0
How to securely store data with an untrustworthy party?

Alice wants to store key:value pairs with Bob. The goal of the exercise is for Alice to be able to use Bob as a reliable data storage service, even if Bob were untrustworthy. A (correctly implemented) MAC/AEAD/Signature means Bob cannot tamper with records. But basic authentication is not sufficient to ensure that Bob returns the correct record, because it does not stop Bob from replaying old records ...

Score: 2
What is the link between anonymous credentials and transactional pseudonyms?

Anonymous credentials are used to prove certain properties of a specific user without revealing any other information, and transactional pseudonyms are used to authenticate a user as the rightful owner of a specific transaction without revealing any other information. Are transactional pseudonyms a form of anonymous credential, does anonymous credentials use transactional pseudonyms or are they distinct ...

Score: 0
Hedeesa
mutual authentication in STS protocol

STS Protocol is like this:

  1. $A \rightarrow B:~ g^x$
  2. $A \leftarrow B:~ g^y, E_K(S_B(g^y, g^x))$
  3. $A \rightarrow B:~ E_K(S_A(g^x, g^y))$

My question is why do we say in STS we have mutual authentication? For example:

  1. $A \rightarrow C: g^x$
  2. $C \rightarrow B: g^x$
  3. $C \leftarrow B: g^y, E_K(S_B(g^y, g^x))$
  4. $A \leftarrow C: g^y, E_K(S_B(g^y, g^x))$

so A will authenticate C instead of B!

Score: 0
Hedeesa
Understanding MITM in an example authentication protocol

Imagine that we have a protocol like this:
B -> A: RB
A -> B: {RB,B}K

Goal: authenticate A to B
K: a shared key between A and B
{}K: encrypting by K

After receiving {RB, B}K by B, B is able to authenticate A. But what if we have something like:
A -> C: {RB,B}K
C -> B: {RB,B}K
so in this case B will authenticate C instead of A, isn't it?

Score: 1
헬창공돌이
What if the other user generates the Session Key rather than KDC for Key Establishment

I'm studying Key Establishment Using a Key Distribution Center. From my understanding, the KDC contains all the users' private keys. For example, if Alice wants to talk with Bob, Alice sends a request to the KDC using Request(IDAlice,IDBob), and the KDC generates the random session key and encrypts the session key with Alice's key and Bob's key. Alice receives the encryptwithAliceKey(SessionKey),encryptwithBo ...

Score: 1
How high is the possibility of getting a hash collision in text files?

Just for an example, let's say I downloaded "the adventures of tom sawyer" from gutenberg in .txt file format and saved it to my usb thumb drive.

And as you can see, a USB drive is not an ideal device for long-term data retention. But if I insist on using it, there's a possibility that any files in my storage would finally be corrupted after a long time without powering it up.

So what I will do now is to save  ...

Score: 1
Can I use SHA256 from BIP39 passphrase for auth credentials?

I am working on an E2E encrypted app. I am using OpenPGP.js and storing public and private keys on the server. The private key is encrypted with a BIP39 passphrase which is stored in browser LocalStorage so it's never sent to a server. But I also need some credentials for users to login.

My idea is to make SHA256 from BIP39 passphrase and split it to two strings. First can be used for "username"  ...

Score: 1
krystof18
Do I need to change IV in AES-256 GCM when I only use encryption for challenge-response exchange with random string?

When I want to use encryption only for challenge-response exchange and not for hiding the contents of an encrypted message, is it still a threat to me not changing IV for new encryption?

For easier understanding why I ask this here is my situation:

I'm using two Arduinos with LoRa transceivers to communicate with each other. One is a bridge connected to the internet and the other is connected to servos ...

Score: 3
moktor
Is it safe to use AES-CCM only for authentication - i.e. for sending AAD without encrypted data?

We are employing an AES-CCM 128-bit stream-cipher with 7-Byte Nonces and 12-Byte Authentication Tags in a communication protocol. Up until this point there was no need to use Additional Authenticated Data (AAD) in this protocol, as all transmitted data - apart from the Nonce - was encrypted.

In the meantime, some new networking-related requirements came up which may require one message-field to b ...

Score: 0
simbr
Hashed password used for encryption and for user authentication at the same time

As I am fairly new to cryptography, I would like to understand how to, in a simple way, implement a system that would achieve the following: the user would have to setup a password, which would then be used to:

1.) encrypt the data provided by the user and save it in an encrypted form and 2.) to authenticate the user when using the system the next time and decrypt his data.

When searching for viable solut ...

Score: 0
Sigmund Berbom
Authentication in P2P networks without central server

I'm trying to understand how to perform authentication in a P2P network without a central server. Given a network with no central trusted unit and a PKI, how can one be sure of the authenticity of the public keys?

Usually the public keys would be signed by some central trusted authority which guarantees the authenticity of the keys. However, in a P2P network without a central server no such unit ...

Score: 2
Alok Maity
Digital signature with Big Brother

I have read digital signature with Big Brother but don't understand the sequence.

One approach to digital signatures is to have a central authority that knows everything and whom everyone trusts, say Big Brother $(BB)$. Each user then chooses a secret key and carries it by hand to $BB$'s office. Thus, only Alice and $BB$ know Alice's secret key, $K_A$, and so on.

When Alice wants to send a signed plaint ...

Score: 1
Is the collision chance 2^(n/2) of an n-bit tag τ unchanged if reduced to (n/2)-bits using a reduction of τ to some 2^(n/2) order group element?

If $H(k, M) = τ$, in the context where $τ$ is an $n$-bit tag produced as a MAC on a key, $k$, and a message, $M$, through a keyed-hash function, $H$, is there a function $F(τ) = T$ that transforms $τ$ into a group element, $T$, of some group, $G$, of order $2^{\frac{n}{2}}$, such that:

  • The chance of producing any $T$ ( where $F(τ') = F(τ) = T$; and $τ' ≠ τ$ ) is given by $≈2^{\frac{-n ...

Score: 0
Juanjo Martinez
Authentication between two servers using PKA

I've run into a small issue regarding authentication between 2 services (One way communication) using public and private key authentication (Elliptic Curve, secp256k1).

The services will communicate via an API REST via HTTPS, and the proposed implementation would be to have the client sign something with its private key, send the signature along with the rest of the data, in the authentication  ...

Score: 0
arslancharyev31
Is server-side password strength validation possible with client-side password hashing?

Let's say I wish to setup a classic username & password authentication strategy on a server. All communication is encrypted via TLS. But ideally, I still do not want the server to be able to read the passwords in plain-text, even temporarily. To that end the client could send the password that is hashed and salted with some key (for simplicity let's assume it's the username). Let's call this a d ...

Score: 0
Ensure that a speedrun (or video recording) was done in one continuous hop (and not spliced together from many parts)

In speedrunning video games, one records a game being played and beaten in one continuous attempt. However, what can be done to cheat is to do multiple attempts, and splice together clips of the best segments to make one fast speedrun that wasn't done in a single continuous hop. This splicing isn't hard, as e.g. loading screens always look the same, so you can swap the video at those points witho ...

Score: 1
Authentication by Presenting the Symmetric Key over an Encrypted Channel

I have devices which need to communicate with a server over a mutually authenticated and encrypted channel. Authenticating the server is relatively easy, since I can embed the CA certificate in the device firmware and check the signature of the server's certificate. The problem is to authenticate the device to the server.

Normally I could sign the device's certificate as well, but there is no tru ...

Score: 0
Fikret Basic
Designing a CRAM protocol for mutual authentication in constrained devices

We are currently designing a simple Challenge-Response Authentication Mechanism (CRAM) protocol based on symmetric cryptography that would be used on the constrained embedded devices that would operate in a closed short-range network.

Mutual authentication is desired. The security capabilities offered by the devices are for now unknown. Hence, we are focusing primarily on only using the AES proto ...

Score: 1
Geonhee Cho
Is there any “approximate or probabilistic” password authentication method?

I understand that the password-based authorization check procedure requires that you enter a password that is correct, that is, does not allow even a single bit difference.

Suddenly I have this thought.

[System A] For password-based authorization system A, let's assume that the password is 256bit.

And it always asks for the correct password for permission verification.

The probability of successful autho ...

Score: 0
0xEval
Authenticating Infrastructure SOAP-based API

I have been involved in a discussion the other day regarding the implementation of backend-to-backend authentication. The communications between each backend happen via SOAP (XML) message protocol.


Authenticate calls originating from Backend A <> Backend B. All communications can be considered to go through TLS tunneling first

Their proposed solution:

Append a Signature in an XML Heade ...

Score: 1
Hasttte
Mifare Classic, authentication protocol question

Thanks to reverse engineering papers on Mifare Classic, one can study the authentication protocol. However, I have a problem understanding how it works.

In the above document, after the reader responds with $\{n_R\}$ $\{a_R\}$, the tag can now calculate $b_{32}$ (keystream) to $b_{63}$ (thanks to $n_T$, $\text{uid}$ and the tag's key) so XOR it with $\{n_R\}$ to retrieve $n_R$. But how can we be sure t ...

Score: 0
Using shared secret as Out-Of-Band authentication data in Bluetooth pairing

According to the Bluetooth Specification, the pairing process starts with Slave sending a connectable advertising packet and then the Master initiates the connection. In LE Legacy OOB authentication a secret 128-bit Temporary Key (TK) is supposed to be shared via some other secure channel, e.g. NFC, to be used in a challenge-response authentication, which goes like this:

  1. Master chooses random Mrand a ...