The Need
3. Authentication mechanisms are vulnerable to active attacks do not reveal the password system designed to prevent replay attacks. Developed several systems for generating passwords are not disclosed. Authentication system is S / Key (TM), developed by Bellcore generates a lot of one-time passwords from a single secret key Haller94. She does not use physical objects (token), so it is convenient for machine-machine authentication. Authentication is S / Key does not require memorization of the secret key user, which is an advantage when dealing with unreliable computer systems. In its present form, system S / Key is vulnerable to enumeration attacks with a dictionary in case of an unfortunate choice of a password. System chap ppp protocol does not is revealing, but it applies only locally LS92, Simpson93.
3.4. Authentication mechanisms are not vulnerable to passive attacks As the use of networks increases the need for more stringent authentication. In open networks large number of users can access the information transferred over the network. The user can simulate a situation in which they sent the information will be treated as sent to other network object. More powerful authentication systems use the computational capabilities of partners involved in the authentication process. Authentication may be unidirectional, such as authentication users in the computing system, or it may be mutual, where both partners must identify each other. Some authentication systems use cryptographic techniques to form a shared secret code (eg, session key) which can be used in the subsequent exchange. For example, the user after the completion of the authentication process may be granted an authentication ticket that can be used to obtain other services without additional authentication.