Showing papers on "Rainbow table published in 2002"

Simple, secure login with multiple authentication providers

Abstract: A secure distributed single-login authentication system comprises a client and a server. The client collects a user name and password from a user and tests that user name and password at a variety of potential authentication servers to check where the login is valid. It combines the password with a time varying salt and a service specific seed in a message digesting hash and generates a first hash value. The client sends the hash value along with the user name and the time varying salt to a currently selected server. The server extracts the user name and looks up an entry under the user name from the selected server's database. If an entry is found, it retrieves the password and performs the same hash function on the combination of the user name, the service specific seed, and the retrieved password to generate a second hash value. Then, it compares two hash values. If these two values match, the user is authenticated. In this way, the system never sufficiently reveals the password to authentication agents that might abuse the information.

Method and apparatus for a packet classifier

Abstract: In one embodiment, a method for efficiently classifying packets for a multi-processor/mutli-thread environment is provided. The method initiates with receiving a packet. Then, header information is extracted form the received packet. Next, a first hash value is calculated. Then, a field of interest in a lookup table is determined from the first hash value. Next, a second hash value is calculated. Then, the second hash value is compared to stored hash values in the field of interest of the lookup table to determine a match between the second hash value and one of the values in the field of interest of the lookup table. If there is a match, the received packet is transmitted to a processor corresponding to the one of the values in the row location of the lookup table. A network interface card and a system for efficiently classifying packets in a multicore/multithread environment are also provided.

Method and apparatus for a four-way hash table

Abstract: A number of hash tables are accessed concurrently with a different computed index based on a single search key for each hash table. Each index identifies a location in one of the hash tables capable of storing at least one entry. If all indexed locations are used, the entries stored in the lookup table can be reordered so that the new entry can be inserted in one of the locations identified by the computed indexes.

Incremental reorganization for hash tables

Abstract: Incremental reorganization of hash tables includes a copy phase and a clean phase. In the copy phase, used entries from an alternate hash table (AHT) are copied to a current hash table (CHT). During copying, hash table operations are allowed to access both tables. In the clean phase, entries in the AHT are marked as empty, and hash table operations are allowed to access only the CHT. Once all used entries have been copied from the AHT to the CHT, the clean phase begins. Once all entries in the AHT have been marked as empty during the clean phase, the two tables are switched and the copy phase begins. The copying or cleaning occurs with every hash table operation, a number of hash table operations, or a number based on analysis of recent hash table operations. Copying also occurs by avoiding copying of deleted or expired entries in the AHT. The present invention is suited to use in multithreaded real-time systems.

Generating and maintaining encrypted passwords

Abstract: A system, method and program of the invention provides an application program tool that generates a password for a user to access a resource. The tool receives as input from a user a global user password and at least one hash key. The tool applies a consistent algorithm to the name of the resource being accessed, such as a domain name for an Internet site, and the hash key, and the global user password to generate the password. The same password is regenerated the next time the user accesses the same resource. The tool automatically populates the resource with the password.

OPA: a one-time password system

Abstract: Most network applications authenticate users with an account name/password system. Systems using reusable passwords are susceptible to attacks based on the theft of the password. One-time password systems attempt to alleviate the problem of "sniffed" passwords by making the replay of a password useless. However, one-time password systems require the use of a generator that creates the one-time password. The added inconvenience (and in some cases cost) of the generator has limited the wide spread application of one-time password systems. OPA (One-time Password Algorithms) implements a system that allows users to protect their accounts with a one-time password that adds minimal additional complexity over a simple reusable password system. OPA does not offer the degree of security provided by most other one-time password systems but can provide additional security when compared to reusable passwords.