Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Mutual Authentication scheme

from [Nick Owen] Network Security [Permanent Link]
Subject: Re: Mutual Authentication scheme
Date: Fri, 09 Mar 2007 15:41:42 -0500 
Danny wrote:

I am developing a web solution for the company that I work for and would
like to have as much security as possible. SSL only authenticates the
server to the client and I would like a way to authenticate both parties
to each other. Any ideas/suggestions?

BTW: I will be using Apache 1.3.29 w/ mod_ssl, and OpenSSL v0.9.7
running on OpenBSD 4.0

Thanks,
Danny


Danny:

Not sure if you want two-factor authentication as part of that, but both
our open source and commercial versions include mutual authentication.

The server stores a copy of the web site's ssl cert and sends a hash of
it to the token client along with the URL when an OTP is requested. The
token client goes out through the user's internet connection to the URL,
grabs the cert, hashes it and compares the two. If the hashes match, the
user is given the OTP and the default browser is launched to the correct
SSL website. On the downside, it means software on the client.

Hope that helps and is not too spammy.

http://www.wikidsystems.com
https://sourceforge.net/projects/wikid-twofactor/

Nick

-- 
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
https://www.linkedin.com/in/nickowen
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: System service grapher, Baki Gábor
Next by Date:  RE: Security Risks and contorls of Wireless mouse and keyboards, Scott Ramsdell
Previous by Thread:  Mutual Authentication scheme, Danny
Next by Thread:  Re: Mutual Authentication scheme, Devdas Bhagat
Indexes:  [Date] [Thread] [Top] [All Lists]