Password security - Another idea
Wilson Heydt
whh at pbhya.PacBell.COM
Tue Jan 10 02:24:35 AEST 1989
In article <900 at eta.unix.ETA.COM>, bstrand at woods.unix.eta.com (Brad Strand) writes:
> The recent discussions regarding Unix password security (and the lack
> thereof) got me wondering about other authentification schemes. One
> such scheme that I haven't seen mentioned here, is replacing the password
> with a 'pass-function'. By that I mean that instead of having a
> password such as "xyzzy", each user would have his/her own personal
> function F, perhaps like
>
> F(C) = 4C + 3
>
> The idea would be for the system to replace the "password:" prompt
> with a prompt more like, "How about C?", where C is some reasonably
> small (maybe 16-bit) random "Challenge" number generated by the system.
> The user must then apply his/her pass-function to this particular C,
> and enter the resulting F(C). Example:
>
> login: <bstrand>
> How about 1204? <4819>
> Welcome, Brad! ... etc.
I've seen two implementations of this sort of scheme. They both use
a physical device to do the function--thus avoiding the problem of
users picking simple functions. (And also permitting turning access
off easily at need.) The first one is called "Gordian Key" and the
token is a gray block of plastic about 1-1/2 by 2-1/2 by 3/8 inches.
It has 4 photodiodes on one end and a 6-character LCD in the top.
The system generates the challenge code and displays it on the terminal
both as text and as a pattern of @s to be read by the photodiodes.
There is an auxilliary device available that has a keypad and a set
of LEDs so the user can key the challenge and it generates the scan
pattern for the key, instead of hold the key to the terminal screen.
The other device is called "SecurId" and looks rather like a credit-
card sized calculator. The passcode is continuously displayed.
In both these systems the challenge and passcode change every 30 seconds
and the key function is specific to the user. It is *supposed* to
be impossible to take either of them apart without destroying critical
parts of the circuitry.
--Hal
=========================================================================
Hal Heydt | "Hafnium plus Holmium is
Analyst, Pacific*Bell | one-point-five, I think."
415-645-7708 | --Dr. Jane Robinson
{att,bellcore,sun,ames,pyramid}!pacbell!pbhya!whh
More information about the Comp.unix.wizards
mailing list