Crauth

From VoidWarranties - Hackerspace Antwerp, Belgium
(Difference between revisions)
Line 16: Line 16:
  
 
==Challenge/Response auth==
 
==Challenge/Response auth==
Pros:
+
===Pros===
 
* Easy to implement
 
* Easy to implement
 
* Requires no central auth server (but can be used, if required - for [[barputer]] accounting)
 
* Requires no central auth server (but can be used, if required - for [[barputer]] accounting)
 
* Requires no hardware, but hardware is recommended: the algorithm [[Yvanj]] developed is easy, and doable by hand on a sheet of paper (it's designed with calculatable by hand in mind)
 
* Requires no hardware, but hardware is recommended: the algorithm [[Yvanj]] developed is easy, and doable by hand on a sheet of paper (it's designed with calculatable by hand in mind)
  
Cons:
+
===Cons===
 
* Not super secure: once the algorytm has been found, and the parameters, challenges/responses are easily faked. Should only be used on places where authentication is a benefit, but not a requirement.
 
* Not super secure: once the algorytm has been found, and the parameters, challenges/responses are easily faked. Should only be used on places where authentication is a benefit, but not a requirement.
 
* Though the algo is easy, calculating by hard requires some time. Better not start with the current time if it's 14:50.
 
* Though the algo is easy, calculating by hard requires some time. Better not start with the current time if it's 14:50.
  
Characteristics:
+
===Other details===
 
* Requires username (is used in the calculation)
 
* Requires username (is used in the calculation)
 
* challenge/response
 
* challenge/response
 
* responses revoke itself by time. (should be a little less obvious how the time is processed, to prevent forging new tokens from existing ones easily - needs rethinking if this is an issue)
 
* responses revoke itself by time. (should be a little less obvious how the time is processed, to prevent forging new tokens from existing ones easily - needs rethinking if this is an issue)
 +
* doesn't require central storage for validation of codes (but is possible to add an extra layer of security, or to store data associated with the user which must be accessible by other apps/services)
 +
 +
==Barcode auth==
 +
===Pros===
 +
* Easy to use
 +
* More secure than challenge/response authentication
 +
* easy to transport/take with you
 +
 +
===Cons===
 +
* Requires special hardware (barcode reader)
 +
* Cards are easily forgotten at home, train/bus/tram, and knowing your barcode number by hard is not manageable for all people.
 +
 +
===Other details===
 +
* small cards with your code on, for in a wallet
 +
* requires central storage to validate tokens
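Review bot: in the new Barcode auth section, the Pros bullet "More secure than challenge/response authentication" is asserted without a reason, and the details in the same section do not support it: the card carries a fixed code ("small cards with your code on") that is checked against central storage, and the section mentions no expiry for that code, whereas the challenge/response responses "revoke itself by time". Suggest naming the threat the comparison refers to, or dropping the bullet. Smaller points: the added "doesn't require central storage" bullet under Other details repeats the existing Pros bullet "Requires no central auth server"; "by hard" in both Cons lists probably means "by hand" for the calculation and "by heart" for the barcode number; and "algorytm" should read "algorithm".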

Revision as of 14:38, 18 September 2011


Crauth
What:
Creating a simple, password-free authentication system that can be shared across multiple systems, such as the barputer, and does not require specialized hardware to use.
Participants:
Yvanj
Category:
Security
Locations:
Behind your desk, Den Bunker



Introduction

The goal of this project is to provide an easy-to-use authentication system which doesn't require a password. This comes in handy at the barputer (touch-based input), or other services not related to core management. The system should be easy to use, easy to implement, provide fair enough protection, and shouldn't require special tools or hardware.


Possible ideas

There were a few ideas, and this should be a summary of them. If the summary becomes too long, create a page/project for it.

Challenge/Response auth

Pros

Cons

Other details

Barcode auth

Pros

Cons

Other details
