Password protection, time limited validity

Does anyone here know of e.g. asymmetric coding algorithms that support
this use case:

- A control system has parameters to tune the process, protected with
  password.

- The only communication link we can be sure to have is voice or e-mail.

We would like a system where a time limited password could be given.

One idea is, that the password could change over time, and that a
password could be obtained from a server at our headquarters.

It should not be possible to deduce the algorithm by knowing some
valid passwords.

Since this is an embedded system, passwords on a
plant- or unit level would require a lot of administration.

--
mdc at manbw dk  -  MAN B&W Diesel A/S, Copenhagen
www.manbw.com    -  Electronics & software dept.
Re: Password protection, time limited validity
Can you use two-way communication for the passwords?

I'm thinking about a challenge-handshake algorithm
like that used by the PPP authentication, PAP (and
many others).

Build a long enough random number generator into
the system, step it with each password use, and
encrypt the real password with the random number.

This means that the customer needs to read the
random number (the challenge) from the embedded
system and get from you an encrypted password
which is useful with that challenge only, so
you do not need to show the real secret at all.

--

Tauno Voipio
tauno voipio (at) iki fi


Re: Password protection, time limited validity
Sounds interesting! And yes, it would be possible to ask
for such a key from the system, and then give them a
password. This feature will be used only when authorized
persons from our company are involved, either on site or
by phone or mail.

- Something like that came up in our brainstorm too.

--
  Mogens Dybk Christensen
  e-mail mdc at mail dot tele dot dk

Re: Password protection, time limited validity
Give all units an initial decryption key.  Encrypt the terminating date
and a new decryption key, send this to all units to update them.  Encrypt
the date alone to be the password.

--
#include <standard.disclaimer>
 _
Kevin D Quitt  USA 91387-4454         96.37% of all statistics are made up
Re: Password protection, time limited validity

As stated earlier, this is an embedded system with no links to the outside
world. So "update all units" is not an option.

The only contact is through the eyes and hands of a person standing in
front of it. He is assumed to have access to e-mail or phone.

But your idea may be tweaked a bit, so we could give a unit a time limited
password.  ;-)

--
  Mogens Dybk Christensen
  e-mail mdc at mail dot tele dot dk

Re: Password protection, time limited validity

My fees are reasonable.  8o)
--
 _
Kevin D. Quitt                       snipped-for-privacy@Quitt.net
          96.37% of all statistics are made up

Re: Password protection, time limited validity

Assuming that the units have a clock onboard and a unit_unique_key;

Store unit IDs and unit_unique_keys on a server. Calculate hash of
day+month+year+unit_unique_key and convert to password (decimal, hex,
alphanumeric).
Hand date + password + unit-id to operator.

At the unit; do the same calculation and compare entered password and
calculated password.

This way the password is valid for one day. Of course you can use the week,
or day/3 etc

For hash algorithms see MD5, SHA1, RIPEMD160, all free of patents.

Wim.
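
The date-derived password described in the post above, as an added example that is not code from the thread. It assumes HMAC-SHA-256 in place of a plain hash of the concatenated fields, a 32-symbol alphabet suited to reading over the phone, and a validity period given in days; the unit id, key and function names are constructed.

```python
import hashlib
import hmac
from datetime import date

# Hypothetical names and values throughout; not from the thread.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # 32 symbols, no 0/O or 1/I


def period_index(day: date, period_days: int = 1) -> int:
    """Whole validity periods elapsed since day 1 of the proleptic calendar."""
    return day.toordinal() // period_days


def derive_password(unit_key: bytes, unit_id: str, day: date,
                    period_days: int = 1, length: int = 8) -> str:
    """Server and unit both run this; only the key holder can compute it."""
    msg = f"{unit_id}|{period_days}|{period_index(day, period_days)}".encode()
    # Assumption: HMAC-SHA-256 replaces the plain hash(date + key) of the post.
    value = int.from_bytes(hmac.new(unit_key, msg, hashlib.sha256).digest(), "big")
    chars = []
    for _ in range(length):          # 5 bits per character, 40 bits in total
        chars.append(ALPHABET[value & 31])
        value >>= 5
    return "".join(chars)


def unit_accepts(unit_key: bytes, unit_id: str, entered: str,
                 unit_clock: date, period_days: int = 1) -> bool:
    """Unit-side check against its own clock, compared in constant time."""
    typed = entered.replace("-", "").replace(" ", "").upper()
    expected = derive_password(unit_key, unit_id, unit_clock, period_days)
    return hmac.compare_digest(typed.encode(), expected.encode())


if __name__ == "__main__":
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
    today = date(2024, 3, 4)
    pw = derive_password(key, "UNIT-0042", today)             # headquarters side
    print("read to operator:", pw[:4] + "-" + pw[4:])
    print("same day:", unit_accepts(key, "UNIT-0042", pw, today))
    print("next day:", unit_accepts(key, "UNIT-0042", pw, date(2024, 3, 5)))
```

The time limit is only as good as the unit's clock: if the person at the panel can set the date back, an expired password becomes valid again, so clock changes need to sit behind the same protection.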


