Attack on the GridCode one-time password

@inproceedings{Molloy2011AttackOT,
  title={Attack on the GridCode one-time password},
  author={Ian Molloy and Ninghui Li},
  booktitle={AsiaCCS},
  year={2011}
}
SyferLock presents a one-time password system, GridCode, that allows an unaided human to authenticate, reducing the cost of deployment. The one-time password system is a human computable challenge-response protocol which they claim defends against key-logging, replay, and brute force attacks, among others. We evaluate the security of the Grid-Code one-time password system and challenge these claims. We identify weak preimage resistance and character independence as key weaknesses of the… CONTINUE READING

References

Publications referenced by this paper.
Showing 1-6 of 6 references

NIST SP 800-63 Electronic Authentication Guideline

  • W. E. Burr, D. F. Dodson, W. T. Polk
  • Technical report, NIST,
  • 2006
Highly Influential
4 Excerpts

Guessing and entropy

  • J. L. Massey
  • International Symposium on Information Theory,
  • 1994
Highly Influential
4 Excerpts

Similar Papers

Loading similar papers…