Security Investigate

Zero Knowledge Password Authentication Protocol

Download now Free registration required

Executive Summary

In many applications, the password is sent as clear text to the server to be authenticated thus providing the eavesdropper with opportunity to steal valuable data. This paper presents a simple protocol based on zero knowledge proof by which the user can prove to the authentication server that he has the password without having to send the password to the server as either clear text or in encrypted format. Thus the user can authenticate him-self without having to actually reveal the password to the server. Also, another version of this protocol has been proposed which makes use of public key cryptography thus adding one more level of security to the protocol and enabling mutual authentication between the client & server.

  • Format: PDF
  • Size: 118.7 KB