ISC2 CISSP Exam - Topic 1 Question 114 Discussion

Actual exam question for ISC2's CISSP exam
Question #: 114
Topic #: 1

Which of the following is a characteristic of a challenge/response authentication process?

Suggested Answer: B

A characteristic of a challenge/response authentication process is transmitting a hash based on the user's password. A challenge/response authentication process is a type of authentication method that involves the exchange of a challenge and a response between the authenticator and the authenticatee.

The challenge is usually a random or unpredictable value, such as a nonce or a timestamp, that is sent by the authenticator to the authenticatee. The response is usually a value that is derived from the challenge and the user's password, such as a hash or a message authentication code (MAC), that is sent by the authenticatee to the authenticator.

The authenticator then verifies the response by applying the same algorithm and password to the challenge, and comparing the results. If the response matches the expected value, the authentication is successful. Transmitting a hash based on the user's password can provide a secure and efficient way of proving the user's identity, without revealing the password in plaintext or requiring the storage of the password on the authenticator.

Reference: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 5: Identity and Access Management, page 208; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 5: Identity and Access Management, page 297


Merri
4 days ago
I'm not entirely sure, but I think C sounds like something related to CAPTCHA rather than challenge/response.
upvoted 0 times
Freeman
9 days ago
I remember practicing with questions about authentication methods, and I feel like A and D are more about password policies than challenge/response.
upvoted 0 times
Chanel
14 days ago
I think challenge/response is about verifying something without directly sending the password, so maybe it's B?
upvoted 0 times