Kerberos & One Time Password

Today I have some free time and remember a lesson about "Authentication methods". It is very useful, so I am going to school next week (to be going to, not will :)).

OK, in this lesson, I like the one-time password (OTP). The main points are:
The server stores the password hashed N times (for example, 1000 times) together with the hash count N (1000 in this example) in its database.
The client sends a request, and the server replies with N, the number of hash iterations.
The client receives N, hashes the password (N-1) times (999 in this example), and sends the result to the server.
The server receives the (N-1)-times hash of the password, hashes it once more, and compares the result with the value in the database. If they match, the client is allowed.
The server replaces the stored N-times hash with the (N-1)-times hash received from the client and decreases the hash count by one (N-1); in this example, 999 replaces 1000.
If N equals 1, the password is reset.
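
The steps above as a runnable sketch. This is an added example, not code from the original lesson; SHA-256 as the hash function and the names `hash_n`, `OTPServer` and `client_response` are assumptions made for illustration.

```python
import hashlib
import hmac


def hash_n(secret: bytes, n: int) -> bytes:
    """Hash `secret` n times in a chain (SHA-256 is an assumed choice)."""
    value = secret
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


class OTPServer:
    """Stores only the N-times hash and the counter N, never the password."""

    def __init__(self, password: bytes, n: int = 1000):
        self.n = n
        self.stored = hash_n(password, n)

    def challenge(self) -> int:
        return self.n  # the server sends N to the client

    def verify(self, response: bytes) -> bool:
        if self.n <= 1:
            return False  # chain used up: the password must be reset
        candidate = hashlib.sha256(response).digest()  # hash once more
        if not hmac.compare_digest(candidate, self.stored):
            return False
        self.stored = response  # the (N-1)-times hash replaces the N-times hash
        self.n -= 1
        return True


def client_response(password: bytes, n: int) -> bytes:
    """Client side: hash the password (N-1) times."""
    return hash_n(password, n - 1)


def demo():
    password = b"correct horse"  # constructed sample password
    server = OTPServer(password, n=3)  # short chain to reach the reset case
    otp = client_response(password, server.challenge())
    first = server.verify(otp)   # accepted, N becomes 2
    replay = server.verify(otp)  # a captured value no longer matches
    second = server.verify(client_response(password, server.challenge()))
    exhausted = server.verify(client_response(password, server.challenge()))
    return first, replay, second, exhausted, server.n


if __name__ == "__main__":
    print(demo())
```

A value captured on the wire is useless for a later login, because the server then expects the preimage one step further down the chain.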

I found a lot of information about Kerberos:
Started in Project Athena (I don't know)
Introduced in Windows 2000
Uses symmetric key cryptography
    Holds cryptographic keys: Key Distribution Centre (KDC)
    Ticket Granting Server (TGS)
    Subject requests access to an object
    Authentication (session key includes user and password, requested via the KDC)
    KDC generates tickets for subject and object
    Subject validates that the tickets came from the KDC
    Subject sends ticket to object
    Object validates ticket from subject
    Kerberos session is established; object grants access to subject
    Requires synchronized clocks
    Uses UDP
    Software must be kerberized
    .. etc
Thanks for reading
All my Lab:
Linux Lab -- window and Cisco Lab
to be continued - I will update more. 

