When Sniffers Are Useless

Previous page
Table of content
Next page

Recently, the trend of migrating to authentication protocols protected against sniffing has become noticeable. Such protected authentication protocols never transmit the password as plaintext over the network. Instead, such protocols transmit password hashes, each time with different values (which means that the captured hash value cannot be reused).

Authentication is carried out approximately as follows : The client passes his or her login name to the server (as a rule, this is done as plaintext). The server retrieves the corresponding hash from its database, generates an arbitrary sequence of bytes (challenge), and passes it to the client. The client computes the hash of its password, uses the challenge as the encryption key to encrypt it, and returns the result to the server. The server carries out a similar operation, compares the result with the client's response, and either authenticates the user or refuses to establish the connection.

The procedure of hash encryption is irreversible, and a brute-force attack on it requires considerable time, which makes traffic sniffing meaningless.


Previous page
Table of content
Next page
Shellcoder's Programming Uncovered
Shellcoders Programming Uncovered (Uncovered series)
ISBN: 193176946X
EAN: 2147483647
Year: 2003
Pages: 164
Authors: Kris Kaspersky
BUY ON AMAZON
Cisco Voice Gateways and Gatekeepers
Competency-Based Human Resource Management
Google Maps Hacks: Tips & Tools for Geographic Searching and Remixing
Mastering Delphi 7
Information Dashboard Design: The Effective Visual Communication of Data
Visual Studio Tools for Office(c) Using C# with Excel, Word, Outlook, and InfoPath
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy