Challenge-response protocol

A challenge-response protocol is a technique for managing source authentication.

As a simple example, consider a user who wants to log in to a computer system. If he sends the actual password, or a hash of it, over the wire, then a wiretapper can get it. Moreover, if an attacker can obtain the list of encrypted passwords from the target system, then he can conduct a dictionary attack and break into any account whose password is in the dictionary.

In a challenge-response protocol, the interaction might go like this instead:
 * 1) the user requests a connection
 * 2) the system generates a random challenge C, using a strong random number generator
 * 3) the system sends C to the user
 * 4) the user encrypts C with a block cipher, using the hash of his password as key
 * 5) the user sends the encrypted challenge E back to the system
 * 6) the system decrypts E, using the stored hash of the user password as key
 * 7) if the result is C, the connection is allowed

There are many variations. The example uses a block cipher, but it can also be done with public key techniques &mdash; the user encrypts with his private key in step 4 and the system verifies with the public key in step six. A hash can also be used &mdash; steps 4 and 6 are then identical, hashing some combination of data that includes the challenge and the password (or its hash).

The challenge must be large enough to prevent a birthday attack. With a challenge of 2n bits, an attacker who logs the data from 2n/2 interactions has a significant chance of seeing a repeated challenge.