Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 16 Dec 2017 09:58:52 -0500
From: "Denny O'Breham" <obreham@...il.com>
To: passwords@...ts.openwall.com
Subject: Re: Authentication vs identification

I'm not sure what you mean by 'false entities', but let's use a
physical example.

Say you want to rent storage space.  Each client has access to a
private locker.  Let's look at two business models.

In business model one, I have all keys for every locker.  When a
client wants access to his locker, I ask for his name (identification)
and his driver's license (authentication).  Once I'm sure everything
is OK, I open the locker under his name for him and lock it again once
he's finished.

In business model two, when someone ask for storage space, I give him
a key that correspond to a specific locker.  The person is now
responsible for that key and anyone who has it can use the locker.
The key (which I gave to the client and has no link whatsoever with
him) is now accomplishing both the identification and authentication
of the client.

On 12/16/17, e@...tmx.net <e@...tmx.net> wrote:
> On 12/16/2017 03:21 PM, Denny O'Breham wrote:
>> A token in a cookie.  The user did not give the info in the cookie, it
>> was put on his computer by the website, he doesn't even know it
>> exists, yet it is used each time he makes a request during his session
>> for authentication.
>
> a user and a browser are FALSE ENTITIES in this problem.
> the interaction is between the client and the server.
> the client authenticates self -- regardless of the technical routines
> going on on the client side, they are irrelevant to the problem altogether.
>
>
>>
>> On 12/16/17, e@...tmx.net <e@...tmx.net> wrote:
>>>> Although authentication typically requires the active participation of
>>>> the
>>>> prover, while identification may not, that is not the crucial
>>>> distinction.
>>>> It would be a mistake to define the difference in those terms.
>>>
>>> a counterexample?
>>>
>
>

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ