From 93fc6d5b3bb479615ebeff527e6d866ac7925c85 Mon Sep 17 00:00:00 2001 From: Tobias Eidelpes Date: Tue, 21 Jun 2022 17:37:40 +0200 Subject: [PATCH] Add solution for 5j --- exam/ex.tex | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/exam/ex.tex b/exam/ex.tex index 3324f88..0382480 100644 --- a/exam/ex.tex +++ b/exam/ex.tex @@ -319,7 +319,18 @@ and simulated transcripts are the same. A given valid transcript occurs with probability $1/2^{130}$. - \item \TODO + \item $\mathsf{ID}_{CGI2}$ can be used for authentication if a client + (prover) proves to a server (verifier) the possession of a password + without actually revealing it. The client shares a commitment with the + server and as soon as the client wants to log-in, it receives a challenge + from the server. If the client can successfully pass the challenge (i.e., + the response from the client is equal to the commitment), it is + authenticated with the server. + + The advantage of such a scheme over conventional password-based + authentication is that the secret is never transmitted to anyone. + Futhermore, the commitment is also not vulnerable to dictionary attacks, + as is common with stored password hashes on the server's side. \item \TODO