Many remote (e.g., client/server based) authentication systems today use password-based authentication. With this approach, a user that is authorized to access a secured server system selects (or is provided) a password, such as a sequence of alphanumeric characters. The password is stored on the server system. When the user wishes to login to the server system, the user transmits, via his/her client device, the password over a network to the server system. If the transmitted password matches the version stored on the server system, the user is granted access.
One pitfall with basic password-based authentication as described above pertains to the way in which the password is transmitted over the network from the client device to the server system. If the password is transmitted in plain text (i.e., unencrypted) form, a malicious agent may be able to “sniff” the network and intercept the password during transmission. The malicious agent may thereafter use the password to gain unauthorized server access.
To prevent this scenario, some password-based authentication systems rely on a one-way hashing function to hash the password, at the user's client device, at the time of a login attempt. The resulting hashed version of the password (referred to as a “hash” or “hash value”) is then transmitted by the client device to the server system in lieu of the plain text password. This mechanism secures the password from network sniffers, since a network sniffer generally will not be able to recover the plain text password from its hashed version. At the server side, the server system receives the hashed version of the password and compares it to a password hash that the server system has previously computed (using the same one-way hash function as the client device). If the hashes match (indicating that the transmitted password is correct), the user is granted access.
Unfortunately, while password hashing works well for thwarting network sniffing attacks, password hashing by itself cannot protect against certain other types of attacks that malicious agents may use to compromise the security of a password-based authentication system. For example, a malicious agent may steal a user's password by “looking over the shoulder” of the user while he/she is typing the password into his/her client device, or by using a keystroke logging program to capture the user's keystrokes. In these instances, the hashing mechanism described above is ineffective because the malicious agent can steal the plain text password before it can be hashed. The malicious agent can subsequently take the stolen password and use it at any other client device (which will generally use the same one-way hash function as the original user's client device) in order to gain access to the server system.