Cryptology
Cryptology is an area of personal interest; I have no formal training in the subject. Although I am not at the level of designing ciphers, I have devised a couple of methods of securely authenticating users, one of which is provided below. This method is patent-free everywhere in the world. Disclaimer: Before using it you should consult a professional; I cannot guarantee its security.
Public key based
This method is my preferred method of authenticating users. It has several benefits, even compared to password-based authentication over an encrypted connection. The password is never transmitted to the server, even in hashed form. This might leave you wondering how the server can be sure the user knows the password; the answer is in public key cryptography. The normal downside to public key cryptography is the required possession of a private key; by combining public key cryptography with symmetric cryptography, this limitation can be overcome. The method is outlined below:
Password Creation
- The user generates public and private keys (RSA suggested)
- The user encrypts their private key with a symmetric cipher (AES suggested). The key for the symmetric cipher is the user's password
- The user provides their plaintext public key and encrypted private key to the server
Authentication
- The server generates a large random number from a secure (pseudo) random number generator and encrypts it with the user's public key
- The server transmits this encrypted number along with the user's encrypted private key
- The user decrypts their private key using their password as the key
- The user decrypts the large random number using their private key and sends it to the server
- If the numbers match, the user is guaranteed to know the password because they were able to access the private key and decrypt the random number
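The creation and authentication steps above, as an added example using Node.js's built-in crypto module (not the author's code; the function names are hypothetical). Assumptions beyond the page: the AES key is derived from the password with scrypt rather than being the password itself, AES runs in GCM mode so a wrong password is detected, and RSA uses OAEP padding.

```javascript
// Added example: the registration and login steps with Node's built-in crypto.
const crypto = require('node:crypto');

// Assumption: stretch the password with scrypt instead of using it directly as the AES key.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Password creation (client): RSA key pair, private key wrapped with AES-256-GCM.
function register(password) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'der' },
  });
  const salt = crypto.randomBytes(16), iv = crypto.randomBytes(12);
  const aes = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const wrapped = Buffer.concat([aes.update(privateKey), aes.final()]);
  // This record is everything the server stores; it never sees the password.
  return { publicKey, salt, iv, wrapped, tag: aes.getAuthTag() };
}

// Authentication (server): random challenge encrypted to the user's public key.
function makeChallenge(record) {
  const nonce = crypto.randomBytes(32);
  const encrypted = crypto.publicEncrypt({ key: record.publicKey, oaepHash: 'sha256' }, nonce);
  return { nonce, encrypted };
}

// Authentication (client): unwrap the private key, then decrypt the challenge.
function respond(password, record, encrypted) {
  const aes = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, record.salt), record.iv);
  aes.setAuthTag(record.tag);
  let der;
  try {
    der = Buffer.concat([aes.update(record.wrapped), aes.final()]);
  } catch { return null; } // wrong password: the GCM tag check fails
  const key = crypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
  return crypto.privateDecrypt({ key, oaepHash: 'sha256' }, encrypted);
}

// Authentication (server): constant-time comparison of the returned number.
function verify(nonce, answer) {
  return Buffer.isBuffer(answer) && answer.length === nonce.length &&
    crypto.timingSafeEqual(nonce, answer);
}
```

The server sends the wrapped key to anyone who starts a login for that user, so the password's strength and the scrypt cost are what protect the private key.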
Hash based
This method is not published because I feel the method outlined above is superior and has significant security advantages. If you are still interested in a secure method of authenticating users using only hash functions and a dynamic salt, please contact me. I will publish it (patent free) if there is interest.
© 2008 Taylor Byrnes