authentication question (security code generation logic)
Posted
by Stick it to THE MAN
on Stack Overflow
See other posts from Stack Overflow
or by Stick it to THE MAN
Published on 2010-03-29T12:02:31Z
Indexed on
2010/04/02
4:33 UTC
Read the original article
Hit count: 290
encryption
|authentication
I have a security number generator device, small enough to go on a key-ring, which has a six digit LCD display and a button. After I have entered my account name and password on an online form, I press the button on the security device and enter the security code number which is displayed.
I get a different number every time I press the button and the number generator has a serial number on the back which I had to input during the account set-up procedure.
I would like to incorporate similar functionality in my website. As far as I understand, these are the main components:
- Generate a unique N digit aplha-numeric sequence during registration and assign to user (permanently)
- Allow user to generate an N (or M?) digit aplha-numeric sequence remotely For now, I dont care about the hardware side, I am only interested in knowing how I may choose a suitable algorithm that will allow the user to generate an N (or M?) long aplha-numeric sequence - presumably, using his unique ID as a seed
- Identify the user from the number generated in step 2 (which decryption method is the most robust to do this?)
I have the following questions:
- Have I identified all the steps required in such an authentication system?, if not please point out what I have missed and why it is important
- What are the most robust encryption/decryption algorithms I can use for steps 1 through 3 (preferably using 64bits)?
© Stack Overflow or respective owner