This chapter covers:
- User authentication based on passwords.
- User authentication based on symmetric and asymmetric keys.
- User-aided authentication and how humans can help secure connections between devices.
In the introduction of this book, I boiled cryptography down to two concepts: confidentiality and authentication. In real-world applications, confidentiality is (usually) the least of your problems, and authentication is where most of the complexity arises. I know I’ve already talked a lot about authentication throughout this book, but it can be a confusing concept, as it is used with different meanings in cryptography. For this reason, this chapter starts with an introduction to what authentication is really about.
As usual with cryptography, no protocol is a panacea. For this reason, the rest of the chapter will teach you about a number of authentication protocols that are being used in a multitude of real-world applications. So let’s get started!
By now, you have heard of authentication many times, so let’s recap. You’ve seen:
- Authentication in cryptographic primitives like message authentication codes (covered in chapter 3) and authenticated encryption (covered in chapter 4).
- Authentication in cryptographic protocols like TLS (covered in chapter 9) and Signal (covered in chapter 10), where one or both sides of the connection can be authenticated.