challenge-response

Security, crytography: Stupid Challege - Response protocol??

Ok guys just a small game: I have some specifications for a project. At some point they ask for the following to encrypt a password over the net, saying that it is a challenge response protocol: CLIENT ----------------------------- SERVER (1)ask for challenge --------------> (2) <---------------------------- send SHA1 taken from ...

How can one make a web-site accessible only when someone has a dongle?

Suppose you want to add an extra layer of credentials on top of a SSL-encrypted login/password, but you don't want to increase complexity to the user. Is there a way to add the requirement of the possession of a dongle to web-server authentication schemes with existing cross-platform browser capabilities? In other words, to get access t...

What are some efficient ways to generate challenge/response for a backdoor entry scheme?

We have a system that uses password authentication to access a database, the usernames and encrypted passwords are stored in the database. when a user forgets their password, (or the administrator leaves for greener pastures) we want to be able to generate a new password for the current administrator or generate a new administrator. We ...

How to use the Java SASL API and CRAM-MD5

Hi! I'm currently playing with the Java SASL API and I wrote a little program to simulate a challenge response sequence using CRAM-MD5. However, I'm unsure about how to do this, as SaslClient and SaslServer only have methods evaluateChallenge(...) and evaluateResponse(...). I would expect SaslServer to have a method like issueChallenge(...