

Ulm's Oberon Library:
PasswordShards


NAME

PasswordShards - authorization based on knowing a secret

SYNOPSIS

TYPE Pot = POINTER TO PotRec;
TYPE PotRec = RECORD (Shards.PotRec) END;
TYPE Lid = POINTER TO LidRec;
TYPE LidRec = RECORD (Shards.LidRec) END;


PROCEDURE CreatePot(VAR pot: Shards.Pot; password: OneWayHashes.Value);
PROCEDURE CreateLid(VAR lid: Shards.Lid; password: OneWayHashes.Value);

DESCRIPTION

PasswordShards provides lids that can be reproduced at any time from some secret information, traditionally called a password, and pots that can verify these lids without actually storing the original information.

For practical reasons, fixed-length, high-entropy hash values are preferred over the arbitrary-length, low-entropy pass phrases users might type in. Applications should apply a suitable hash function, such as MD5, to these phrases and pass the resulting hash values to the procedures of this module.

CreateLid creates a lid containing the given information. Note that secure transmission of lids is not an issue addressed by this particular implementation.

CreatePot creates a pot that accepts lids containing the given information and rejects any other lid with near certainty. Additional salting and hashing steps are employed to hide the original information, so that matching lids cannot feasibly be derived from pots alone. As a consequence, Shards.Supply is of course not supported.
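
The pot and lid relationship described above, modelled in Python as an added example; it is not code from Ulm's Oberon Library. The page does not specify the salting and hashing steps, so the 16-byte salt, PBKDF2-HMAC-SHA-256 with this iteration count, SHA-256 for reducing the phrase, and the names phrase_to_value, fits and supply are assumptions of this example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

ITERATIONS = 100_000  # assumed work factor; the page gives no parameters


def phrase_to_value(phrase: str) -> bytes:
    """Reduce a typed pass phrase to a fixed-length value before use.
    SHA-256 is this example's choice of hash function."""
    return hashlib.sha256(phrase.encode("utf-8")).digest()


@dataclass(frozen=True)
class Lid:
    value: bytes  # the secret itself, reproducible from the phrase at any time


@dataclass(frozen=True)
class Pot:
    salt: bytes    # random, stored in the clear
    digest: bytes  # salted, iterated hash of the value; the value is not stored


def _harden(value: bytes, salt: bytes) -> bytes:
    # Assumed stand-in for the "additional salting and hashing steps".
    return hashlib.pbkdf2_hmac("sha256", value, salt, ITERATIONS)


def create_lid(value: bytes) -> Lid:
    return Lid(value)


def create_pot(value: bytes) -> Pot:
    salt = os.urandom(16)
    return Pot(salt, _harden(value, salt))


def fits(pot: Pot, lid: Lid) -> bool:
    """Hypothetical check: does this lid carry the pot's secret?"""
    return hmac.compare_digest(_harden(lid.value, pot.salt), pot.digest)


def supply(pot: Pot) -> Lid:
    """Counterpart of Shards.Supply: impossible, the pot holds only a digest."""
    raise NotImplementedError("a password pot cannot produce a matching lid")
```

Because the lid carries the secret value itself, it needs a protected channel, which is the transmission concern the page leaves out of scope.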

SEE ALSO

Shards - abstraction for authorization protocols
OneWayHashes - abstraction for one-way hash functions
RandomGenerators - abstraction for pseudo random number generation
PersistentObjects - abstraction for persistent objects

AUTHOR

Martin Hasch, University of Ulm
Edited by: martin, last change: 1998/04/10, revision: 1.1, converted to HTML: 1998/04/10
