challenge/response

challenge/response A means of authentication in which the system poses a challenge to the user, who must give the correct response to prove his identity. In the most common implementation, a unique number is sent as the challenge; the response should be the result of a cryptographic calculation using the challenge and a secret, such as a password, that is known only to the legitimate user. A third party who captures this exchange will be unable to reuse it to authenticate himself, as the challenge will be different on every occasion.
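The exchange described above, as an added example that is not part of the original entry: both sides of a challenge/response login, followed by a replay of the captured exchange. The use of HMAC-SHA256 as the cryptographic calculation, and the names `Verifier`, `respond` and `demo`, are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Verifier:
    """System side: issues one-time challenges and checks responses."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._outstanding = set()  # challenges issued and not yet used

    def issue_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)  # fresh random number per attempt
        self._outstanding.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # Each challenge is accepted once, so a captured pair cannot be replayed.
        if challenge not in self._outstanding:
            return False
        self._outstanding.discard(challenge)
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def respond(secret: bytes, challenge: bytes) -> bytes:
    """User side: cryptographic calculation over the challenge and the secret."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def demo() -> dict:
    secret = b"constructed-demo-secret"  # constructed sample value
    system = Verifier(secret)
    c1 = system.issue_challenge()
    r1 = respond(secret, c1)
    results = {"legitimate": system.verify(c1, r1)}
    # A third party who captured (c1, r1) tries to reuse it.
    results["replay_same_challenge"] = system.verify(c1, r1)
    c2 = system.issue_challenge()
    results["replay_on_new_challenge"] = system.verify(c2, r1)
    c3 = system.issue_challenge()
    results["wrong_secret"] = system.verify(c3, respond(b"guess", c3))
    return results


if __name__ == "__main__":
    print(demo())
```

Only the first attempt succeeds: the captured response is tied to a challenge that has already been used, and it does not match any later challenge.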