A Human Doable Challenge-Response System is a theoretical approach to secure identification between two parties. Its implementation would be used as an alternative to passwords and biometric security measures.
Preface
Most identity verification methods on websites rely on passwords or on recognizing a pre-defined picture displayed by the site, e.g. the SiteKey image on Bank of America's website. These methods remain vulnerable to phishing attacks and other attacks of the same nature.
Basics
Each person has a unique function that the system they are logging into also knows. The function must satisfy two constraints:
# If somebody sees pairs , they still cannot compute for some they haven't seen.
# It must be computable in the person's head.
The system will issue the challenge where the user must return the answer in order to log in.
Failed Example:
After you see for two different values of , you can learn the secret function.
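The following is an added example, not code from the original page: it models the challenge-response login above and checks constraint #1 against one candidate secret function. The candidate, an affine map f(x) = a*x + b mod p, is an assumption chosen to illustrate the failed example: it is easy to compute in one's head, but two observed (challenge, response) pairs with distinct challenges determine a and b, so an observer of two logins can answer every future challenge.

```python
# Added example (not from the original page). The affine secret function
# and the prime modulus P are assumptions used to illustrate why a function
# that is recoverable from a few observed pairs fails constraint #1.
import random

P = 97  # small prime modulus (constructed value, not from the page)


def make_secret():
    """Per-user secret (a, b); a != 0 keeps the function non-constant."""
    return random.randrange(1, P), random.randrange(P)


def respond(secret, x):
    """What the user computes in their head for challenge x."""
    a, b = secret
    return (a * x + b) % P


def verify(secret, x, answer):
    """Server-side check of the user's response to challenge x."""
    return respond(secret, x) == answer


def recover_secret(pair1, pair2):
    """Reconstruct (a, b) from two observed (challenge, response) pairs with
    distinct challenges: a = (y1 - y2)/(x1 - x2), b = y1 - a*x1  (mod P)."""
    (x1, y1), (x2, y2) = pair1, pair2
    if x1 == x2:
        raise ValueError("need two distinct challenges")
    inv = pow((x1 - x2) % P, -1, P)  # modular inverse (Python 3.8+)
    a = ((y1 - y2) * inv) % P
    b = (y1 - a * x1) % P
    return a, b


def observed_pairs_suffice(secret, x1, x2):
    """True if someone who saw the responses to x1 and x2 (for instance a
    phishing site or an untrusted terminal) can answer a fresh challenge."""
    guess = recover_secret((x1, respond(secret, x1)), (x2, respond(secret, x2)))
    fresh = random.randrange(P)
    while fresh in (x1, x2):
        fresh = random.randrange(P)
    return verify(secret, fresh, respond(guess, fresh))


if __name__ == "__main__":
    s = make_secret()
    print("secret", s, "recoverable from two logins:", observed_pairs_suffice(s, 5, 42))
```

The affine form is exactly what constraint #1 forbids; a function meeting the constraint must leave unseen values unpredictable no matter how many pairs an observer has collected.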
Advantages
This system protects against phishing sites as well as untrusted terminal attacks. Because the secret is a function rather than a passphrase, even if the malicious party received they would not be able to compromise the user's information.
Pitfalls
A function that fits the properties above is difficult to come by, especially if many users must each be provided with a unique secret function.