Friday, 14 October 2016

Replay attack explained

A replay attack is an attack where an authentication session is replayed by an attacker to fool a computer into granting access.

It may be any form of retransmission of captured network data,
but it is usually used to gain authentication in a fraudulent manner.

Ways to prevent replay attacks from succeeding are:

1. Assign a large random session token to the session; the sender then transmits the password modified by the session token value rather than the password itself. Each session token may be used only once. The authentication information sent may be the hash of the password, concatenated with the session token and hashed again.

2. The authentication session takes into account the time at which the transaction takes place. The password may be tied in with an approximate timestamp and modified accordingly, so that a captured message is rejected once that time window has passed.
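The two measures above, combined in one challenge/response exchange, as an added example that is not part of the original post: the server issues a one-time random token, the client answers with hash(hash(password) + token + timestamp), and the server discards the token on first use and rejects stale timestamps. The 30-second window, the user and password and the `AuthServer` class are all assumptions made for this example.

```python
import hashlib
import hmac
import os
import time

def compute_response(pw_hash, nonce, ts):
    """hash(hash(password) + session token + timestamp): sent instead of the password."""
    return hashlib.sha256(pw_hash + nonce.encode() + str(ts).encode()).hexdigest()

class AuthServer:
    """Server side of the challenge/response; constructed for this example."""
    WINDOW = 30  # seconds a token and its timestamp stay valid (assumed value)

    def __init__(self, users):
        # Keep only the password hash, never the cleartext password.
        self.users = {u: hashlib.sha256(p.encode()).digest() for u, p in users.items()}
        self.pending = {}  # nonce -> (user, issued_at); each nonce is usable once

    def challenge(self, user, now=None):
        nonce = os.urandom(16).hex()  # large random session token
        self.pending[nonce] = (user, time.time() if now is None else now)
        return nonce

    def verify(self, user, nonce, ts, response, now=None):
        now = time.time() if now is None else now
        entry = self.pending.pop(nonce, None)  # consumed on first use, so a replay finds nothing
        if entry is None or entry[0] != user:
            return False
        if abs(now - ts) > self.WINDOW or now - entry[1] > self.WINDOW:
            return False  # stale timestamp or expired token
        expected = compute_response(self.users[user], nonce, ts)
        return hmac.compare_digest(expected, response)

def client_response(password, nonce, ts):
    return compute_response(hashlib.sha256(password.encode()).digest(), nonce, ts)

def demo():
    server = AuthServer({"alice": "correct horse battery staple"})  # constructed credentials
    t0 = 1_000_000
    nonce = server.challenge("alice", now=t0)
    resp = client_response("correct horse battery staple", nonce, t0)
    first = server.verify("alice", nonce, t0, resp, now=t0 + 1)   # genuine login
    replay = server.verify("alice", nonce, t0, resp, now=t0 + 2)  # same message again
    nonce2 = server.challenge("alice", now=t0)
    resp2 = client_response("correct horse battery staple", nonce2, t0)
    stale = server.verify("alice", nonce2, t0, resp2, now=t0 + 60)  # outside window
    return first, replay, stale
```

`demo()` returns `(True, False, False)`: the first login succeeds, the replayed message is refused because its token was already consumed, and a correct answer delivered after the window is refused on the timestamp.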

