Challenge generation
  • 31 Dec 2024


There are two modes of generating a challenge for Challenge/Response authenticator applications:

  • 2-step challenge/response
  • 1-step challenge/response

2-step challenge/response

This mode can be used for Web authentication, where Challenge/Response is supported. In this mode, the authentication process takes place in two steps.

First, users request that a challenge be generated. How they request the challenge is defined by the Request Method and Request Keyword policy settings. The challenge is generated specifically for their authenticator and in accordance with the specified settings (see Request methods and request keywords).

When a challenge is returned, the users submit a second step logon with the response to the challenge as their OTP. This second step goes through the whole authentication process again to verify the response.

1-step challenge/response

This mode is also possible for Web authentication, where Challenge/Response is supported. In this mode, the user sees only one logon step. This mode is suitable for time-based Challenge/Response, but is less secure for non-time-based Challenge/Response. If an attacker manages to capture some valid responses, the attacker can repeatedly request new challenges until a challenge with a known response comes up again.

With 1-step Challenge/Response, a random challenge is requested automatically by the Web application and presented to the users on the login page. A general-purpose challenge is generated, without reference to any particular authenticator's programming. The users log in with their response to the challenge as their OTP.
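The difference between time-based and non-time-based responses described above can be sized with a small model. This is an added example, not code from the product: the HMAC-SHA256 truncation stands in for the authenticator's real algorithm, and the key, function names, 6-digit lengths and uniformly random challenges are all assumptions.

```python
import hashlib
import hmac
import struct
from typing import Dict, Optional

KEY = b"constructed-demo-key"  # constructed sample secret, not a real authenticator key


def response(key: bytes, challenge: str, time_step: Optional[int] = None) -> str:
    """6-digit response to a challenge. time_step=None models the non-time-based mode."""
    msg = challenge.encode()
    if time_step is not None:
        # Time-based mode: the current time window is mixed into the MAC input,
        # so the same challenge yields a different response in another window.
        msg += struct.pack(">Q", time_step)
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


def replay_accepted(key: bytes, captured: Dict[str, str], challenge: str,
                    now_step: Optional[int] = None) -> bool:
    """True if a previously captured response would still verify for `challenge`."""
    old = captured.get(challenge)
    if old is None:
        return False
    return hmac.compare_digest(old, response(key, challenge, now_step))


def p_known_challenge(challenge_digits: int, captured: int, requests: int) -> float:
    """Probability that at least one of `requests` uniformly random challenges
    matches one of `captured` previously observed challenge/response pairs."""
    space = 10 ** challenge_digits
    return 1 - (1 - captured / space) ** requests


if __name__ == "__main__":
    static = {"123456": response(KEY, "123456")}        # captured, non-time-based
    timed = {"123456": response(KEY, "123456", 1000)}   # captured in time window 1000
    print("non-time-based replay accepted:", replay_accepted(KEY, static, "123456"))
    print("time-based replay, later window:", replay_accepted(KEY, timed, "123456", 1001))
    for digits in (4, 6, 8):
        print(digits, "digit challenge, 100 captured, 10000 requests:",
              round(p_known_challenge(digits, 100, 10_000), 4))
```

The probability function shows how challenge length and the number of challenge requests allowed per account bound the exposure of non-time-based 1-step mode.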

