We present a method for zero-knowledge, hash-based challenge-response network authentication in lieu of transmitting a password across the network. Zero-knowledge protocols, like our method, offer authentication alternatives to prevent a third-party from discovering a password after intercepting network data. Our method makes use of one-way hash functions to generate a response from a randomly-created challenge code supplied by an identity verifier. Our method also makes use of dynamic engagement for choosing which hash functions are used on a per-case basis, in order to thwart reversal of our method in the event of future discovery of weaknesses in any of the deployed hash functions.

Zero-Knowledge and You: A Beginner’s Guide to SPHiNX & Challenge-Response Protocols (PDF)

Webpage running SPHiNX