concept authentication in category cryptography

This is an excerpt from Manning's book Real-World Cryptography MEAP V09. Login to get full access to this book.

Authentication. It is about identifying who we are talking to. For example, this can be helpful in making sure that messages we receive indeed come from Alice.

In the introduction of this book, I boiled cryptography down to two concepts: confidentiality and authentication. In real-world applications, confidentiality is (usually) the least of your problems, and authentication is where most of the complexity arises. I know I’ve already talked a lot about authentication throughout this book, but it can be a confusing concept as it is used with different meanings in cryptography. For this reason, this chapter starts with an introduction of what authentication really is about.

Figure 11.12. Alice registers with example.com using TOTP as authentication, by importing a symmetric key from the website into her TOTP application. Later, she can ask the application to compute a one-time password for example.com, and use it to authenticate with the website. Example.com just has to fetch the symmetric key associated to Alice, and compute the one-time password as well (using HMAC and the current time), then compare it in constant-time with what she sent.