The IT Law Wiki

Challenge-response protocol


Definition

Challenge-response protocol is

[a]n authentication protocol where the verifier sends the claimant a challenge (usually a random value or a nonce) that the claimant combines with a shared secret (often by hashing the challenge and secret together) to generate a response that is sent to the verifier. The verifier knows the shared secret and can independently compute the response and compare it with the response generated by the claimant. If the two are the same, the claimant is considered to have successfully authenticated himself. When the shared secret is a cryptographic key, such protocols are generally secure against eavesdroppers. When the shared secret is a password, an eavesdropper does not directly intercept the password itself, but the eavesdropper may be able to find the password with an off-line password guessing attack.[1]
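The exchange in the definition above, written out as an added example (not part of the original page or of the NIST document): the verifier issues a random nonce, the claimant combines it with the shared secret, and the verifier recomputes and compares. HMAC-SHA256 is assumed as the "hash of challenge and secret", and the one-shot challenge bookkeeping and constant-time comparison are hardening choices added here, not steps the definition spells out.

```python
import hashlib
import hmac
import secrets


def compute_response(shared_secret: bytes, challenge: bytes) -> bytes:
    """Combine challenge and secret with a keyed hash (HMAC-SHA256, assumed)."""
    return hmac.new(shared_secret, challenge, hashlib.sha256).digest()


class Verifier:
    """Holds the shared secret and tracks which challenges are still open."""

    def __init__(self, shared_secret: bytes) -> None:
        self._secret = shared_secret
        self._open_challenges: set[bytes] = set()

    def challenge(self) -> bytes:
        # Fresh random nonce for every authentication attempt.
        nonce = secrets.token_bytes(16)
        self._open_challenges.add(nonce)
        return nonce

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # A challenge may be answered once; an unknown or already-used one is
        # rejected, which is what stops a recorded response from being replayed.
        if challenge not in self._open_challenges:
            return False
        self._open_challenges.discard(challenge)
        expected = compute_response(self._secret, challenge)
        # Constant-time comparison avoids leaking where the response differs.
        return hmac.compare_digest(expected, response)


class Claimant:
    """Knows the same shared secret and answers challenges with it."""

    def __init__(self, shared_secret: bytes) -> None:
        self._secret = shared_secret

    def respond(self, challenge: bytes) -> bytes:
        return compute_response(self._secret, challenge)


def run_exchange(verifier: Verifier, claimant: Claimant):
    """One full round: challenge -> response -> verdict (True/False)."""
    challenge = verifier.challenge()
    response = claimant.respond(challenge)
    return challenge, response, verifier.verify(challenge, response)
```

With a 32-byte random key as the shared secret the transcript reveals nothing useful to an eavesdropper; with a human-chosen password as the secret the same transcript is exactly the material the definition's off-line guessing attack works from.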

References

  1. NIST, Electronic Authentication Guideline 5 (NIST Special Publication 800-63) (Apr. 2006).
