- 3.) Example: Assume a network has been breached. Mary chose the password 1234567890 and wants to authenticate herself with the logon system. She is unaware that an evil computer is sitting between herself and her home router as a man-in-the-middle. The server generates the random number 0987654321, which is then sent to Mary.
- Mary receives this number (as does the evil computer). Mary goes to her calculator and types: 1234567890 + 0987654321 = 2222222211. Mary then sends the result to the login system. The evil computer also receives this communication.
- The evil computer then performs the calculation: 2222222211 (response) - 0987654321 (challenge) = 1234567890 (password). The evil computer now has the plaintext password Mary used for authentication, and can reuse it on any system where Mary authenticates with this password. The problem with this method is that the authentication mechanism is not a one-way function: it can be reversed, assuming the attacker knows the method used to compute the result.
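
The additive scheme from the example, set beside a one-way response, as an added illustration that is not part of the original paste. It assumes HMAC-SHA256 keyed with the password as the replacement; the function names are hypothetical and the values are the constructed ones used above.

```python
import hashlib
import hmac
import secrets

# Constructed sample values taken from the example above.
PASSWORD = "1234567890"
CHALLENGE = "0987654321"


def additive_response(password: str, challenge: str) -> int:
    """Weak scheme from the text: response = password + challenge."""
    return int(password) + int(challenge)


def recover_from_additive(response: int, challenge: str, width: int) -> str:
    """What any observer of (challenge, response) can compute: subtraction."""
    return str(response - int(challenge)).zfill(width)


def hmac_response(password: str, challenge: bytes) -> str:
    """One-way alternative (assumption): HMAC-SHA256 keyed with the secret."""
    return hmac.new(password.encode(), challenge, hashlib.sha256).hexdigest()


def server_verify(password: str, challenge: bytes, response: str) -> bool:
    """Server recomputes the HMAC and compares in constant time."""
    expected = hmac_response(password, challenge)
    return hmac.compare_digest(expected, response)


def new_challenge() -> bytes:
    """Fresh random challenge per login so an old response cannot be replayed."""
    return secrets.token_bytes(16)


if __name__ == "__main__":
    weak = additive_response(PASSWORD, CHALLENGE)
    print("additive response:", weak)
    print("observer recovers:", recover_from_additive(weak, CHALLENGE, len(PASSWORD)))

    challenge = new_challenge()
    strong = hmac_response(PASSWORD, challenge)
    print("HMAC response:", strong)
    print("server accepts:", server_verify(PASSWORD, challenge, strong))
    print("replay on new challenge:", server_verify(PASSWORD, new_challenge(), strong))
```

The HMAC response cannot be undone by arithmetic on the challenge, but a captured challenge and response still allow guessed passwords to be checked offline, so a short numeric password like the one in the example remains weak.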