authentication question (security code generation logic)

Posted by Stick it to THE MAN on Stack Overflow
Published on 2010-03-29T12:02:31Z Indexed on 2010/04/02 4:33 UTC

I have a security number generator device, small enough to go on a key-ring, which has a six digit LCD display and a button. After I have entered my account name and password on an online form, I press the button on the security device and enter the security code number which is displayed.

I get a different number every time I press the button and the number generator has a serial number on the back which I had to input during the account set-up procedure.

I would like to incorporate similar functionality in my website. As far as I understand, these are the main components:

  1. Generate a unique N digit alpha-numeric sequence during registration and assign to user (permanently)
  2. Allow user to generate an N (or M?) digit alpha-numeric sequence remotely. For now, I don't care about the hardware side; I am only interested in knowing how I may choose a suitable algorithm that will allow the user to generate an N (or M?) long alpha-numeric sequence - presumably, using his unique ID as a seed
  3. Identify the user from the number generated in step 2 (which decryption method is the most robust to do this?)

I have the following questions:

  • Have I identified all the steps required in such an authentication system? If not, please point out what I have missed and why it is important.
  • What are the most robust encryption/decryption algorithms I can use for steps 1 through 3 (preferably using 64 bits)?

© Stack Overflow or respective owner
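An added example, not part of the original post: one standard design for a button-press token like the one described is counter-based HOTP (RFC 4226), sketched here in Python. It assumes the account name identifies the user and the server only checks the code against a per-device secret stored at registration; the `Server` class, the `LOOK_AHEAD` window and the account name in the usage are hypothetical.

```python
import hashlib
import hmac
import secrets
import struct

DIGITS = 6       # matches the six-digit display in the question
LOOK_AHEAD = 5   # assumed window: tolerates button presses never submitted


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble picks a 4-byte slice
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Server:
    """Hypothetical verifier: stores one secret and one counter per account."""

    def __init__(self):
        self.accounts = {}  # account name -> {"secret": bytes, "counter": int}

    def register(self, account: str, secret: bytes = None) -> bytes:
        # The secret is random, never derived from a user ID or serial number;
        # a serial number would only be a lookup key for it.
        secret = secret or secrets.token_bytes(20)
        self.accounts[account] = {"secret": secret, "counter": 0}
        return secret

    def verify(self, account: str, code: str) -> bool:
        rec = self.accounts.get(account)
        if rec is None:
            return False
        for c in range(rec["counter"], rec["counter"] + LOOK_AHEAD + 1):
            if hmac.compare_digest(hotp(rec["secret"], c), code):
                rec["counter"] = c + 1  # resync; this and earlier codes are dead
                return True
        return False


if __name__ == "__main__":
    server = Server()
    key = server.register("alice")       # constructed sample account
    code = hotp(key, 2)                  # device after three button presses
    print(server.verify("alice", code))  # accepted, counter moves to 3
    print(server.verify("alice", code))  # replay of the same code is rejected
```

Nothing is decrypted in this scheme: both sides compute the same keyed MAC, so the server also needs rate limiting on failed attempts, since a six-digit code has only one million possible values.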