A nonce is a word or a string of letters or numbers that is intended for use only once. In the past, nonce stood for a word that would soon be replaced by something better. In cryptography, a nonce is a random or pseudo-random number generated for a specific purpose and used only once within a cryptographic protocol or system. Nonces serve multiple purposes, including ensuring uniqueness, preventing … [Read more...]
What is U2F (Universal Second Factor) of Security Tokens
U2F (Universal Second Factor) is an industry standard for general-purpose two-factor authentication, based on adapted challenge-response authentication. In addition to an access password, it is used to prove access authorization, for example for web-based services, and can also be used in combination with digital personal documents to establish identity. The U2F specifications were developed by … [Read more...]
How Iris Recognition Works
Iris recognition is a method of biometrics for the purpose of authenticating or identifying individuals. For this purpose, images of the iris of the eye are taken with special cameras, the characteristic features of the respective iris are identified using algorithmic methods, converted into a set of numerical values (feature vector, or "template") and stored for recognition by a classification … [Read more...]
Security Token Service Vs OAuth
In the realm of identity and access management (IAM), security token service (STS) and OAuth are two widely used authentication protocols that facilitate secure access to resources across distributed systems. While both protocols serve similar purposes, they differ in their architectures, capabilities, and use cases. In this article, we'll explore the intricacies of security token service (STS) … [Read more...]
What is Security Token Market?
In the ever-evolving landscape of financial markets, security tokens have emerged as a transformative innovation, offering new avenues for capital formation, investment, and asset tokenization. The security token market represents a burgeoning ecosystem where traditional finance intersects with blockchain technology, enabling the digitization and fractionalization of real-world … [Read more...]
What is Challenge-Response Authentication
The challenge-response procedure is a knowledge-based procedure for securely authenticating a participant. Here, one participant sets a task (challenge) that the other has to solve (response) in order to prove that they know a certain piece of information (common secret) without transmitting the information itself. This is a protection against the password being eavesdropped on by attackers on … [Read more...]
What is a Rainbow Table (for password cracking)?
Rainbow Tables are used in password recovery, IT forensics, penetration testing, and password cracking. The Rainbow Table is a data structure that enables a fast, memory-efficient search for the original string (usually a password) for a given hash value. Searching via a rainbow table is considerably faster than using the brute force method, but the memory requirement is higher. Such a trade-off … [Read more...]
What is a Dictionary Attack?
A dictionary attack is a method of cryptanalysis that identifies an unknown password (or username) using a list of passwords (often called a wordlist or dictionary). This method is used when it can be assumed that the password consists of a meaningful combination of characters. Experience has shown that this is usually the case. This method is only promising if as many passwords as possible can … [Read more...]
What is Salt in Security/Cryptology
In cryptography, salt is a randomly chosen string of characters that is appended to a given plaintext before it is further processed (e.g., entered into a hash function) to increase the entropy of the input. It is widely used for storing and transmitting passwords to increase information security. Passwords are not stored directly, but are hashed when an account is created, and the hash is … [Read more...]
Security Tokens: Counterfeiting and Manipulation
In our previous articles, we have explained security tokens such as YubiKey. A security token is a piece of hardware used to identify and authenticate users. Occasionally, it is also used to refer to software tokens. They are usually part of a system of access control with two-factor authentication. Other security features must be used for authentication against misuse with this piece of … [Read more...]
What Are Software Tokens?
Software tokens (also known as soft tokens) are stored on an electronic device, such as a desktop computer, laptop, PDA, or mobile phone, and can be duplicated (unlike hardware tokens, where credentials cannot be duplicated unless one physically enters the device). The counterpart of software tokens is hardware security tokens. Because software tokens are something you don't physically own, … [Read more...]