Insert password authentication on cryptography
9 views (last 30 days)
Show older comments
Bakka
on 27 Jan 2014
Commented: Walter Roberson
on 27 Jan 2014
hi everyone, I was build a program cryptography. it works properly but there is no password authentication for user. When user input password on encrypt process, the program will ask later on decrypt process.
The process should be like this.
- user choose the plaintext
- user input password
- plaintext encrypt to chipertext
For the decrypt
- user choose the chipertext
- user input password, if password correct, go to step (3), if not go to step (4)
- chipertext decrypt to plaintext(original text from encrypt step)
- chipertext decrypt to wrong information plaintext
How is the algorithm password authentication ? If you have some solutions or references please let me know. Many thanks
0 Comments
Accepted Answer
Walter Roberson
on 27 Jan 2014
Good security would say "Don't do that." Make the attacker spend the time decrypting the message. Let the attacker decide whether the resulting message is the right message or not. If you give an error message before decrypting the message, then 1) The user can quickly switch to another attempt, and do that over and over until you tell them they got the key right; and 2) the user will know they got it right because you didn't complain that they had the wrong key. Best security practice is to make every decryption (whether correct key or not) take exactly the same time so that the attacker cannot tell by analyzing timings whether they got the right answer, and best security practice would to use an encryption algorithm that could in theory present a completely wrong message if the attacker did not know the right key.
There is an encryption method called "One-Time-Pad" in which you distribute a shared key to the person who has to decode the message. To encrypt you perform a simple operation such as XOR'ing the shared key with the message. Upon receive the destination performs the same reversible operation using the shared key, getting the original message. Then both sides throw away that shared key and never use it again. Someone trying to attack the encryption has the problem that if they use the wrong key, they will get a different decrypted message that might look entirely plausible. "ATTACK!!" and "RETREAT!" have exactly the same length so if they attacker uses one wrong key then they will get out "ATTACK!!" and if they use a different wrong key then they will get out "RETREAT!" and if they use a third wrong key they will get out "TEA TIME" and they will have no idea if they were right. One-Time Pad encryption is considered to be the only truly secure encryption -- provided, that is, that the shared key is securely distributed to the person who is intended to decrypt it. And notice that the reason it is considered to be truly secure is that it does not give any feedback as to whether the right key was used for the decryption attempt.
2 Comments
More Answers (0)
See Also
Categories
Find more on Encryption / Cryptography in Help Center and File Exchange
Products
Community Treasure Hunt
Find the treasures in MATLAB Central and discover how the community can help you!
Start Hunting!