What is challenge-response authentication?

29 stycznia 2019 14:39

1 Odpowiedź


29 stycznia 2019 14:40

It's no secret that in recent years, most manufacturers equip cartridges for printers and copiers with chips. This phenomenon takes on an avalanche-like character and it is likely that in the future all cartridges of any manufacturer will be equipped with them. Often, the cartridge does not change the appearance either, and when buying, many users do not even know about the upcoming complications.


CRAM (Challenge-Response Authentication Mechanism) uses a cryptographic protocol that allows you to prove that the user knows the password without disclosing the password itself. Using this method, the application first receives a random request from the server. It then calculates the response by applying a cryptographic hash function to the server request in conjunction with the user's password. Finally, the application sends the response along with the original request back to the server. Due to the "one-way" hash function, it is not possible to recover the password from the response sent by the application.


Call-answer authentication (English Challenge-response authentication; call-response - authentication method in which the secret (in this case, the password) is not transmitted over the communication channel.


The simplest method of such authentication (when storing passwords in clear form):

  1. A client wishing to be authenticated sends a request to start a communication session, in response to this, the called party (server) sends arbitrary but different information each time (for example, current date and time) to the client.
  2. The client appends a password to the received request and from this line calculates a hash (for example, MD5) and sends it to the server.
  3. The server performs similar actions with the value sent and compares the result. If the hash values match, then the authorization is considered successful.

CRAM does not support the security mechanism.