

Partial Hash

Within the ASN.1 structure of an ArcotID PKI (not in the ArcotID PKI attributes), an ArcotID PKI may store a partial hash of the password. This is an optional feature and it is controlled by the server that creates the ArcotID PKI.

The presence of the partial hash enables a portion of the invalid password to be tested on the client side. This prevents user lockouts due to typos. However, systematic attempts, such as a brute-force attack on the password, will still be prevented.

The size of the partial hash is also configurable when the partial hash is stored in the ASN.1 structure. Configuring the size of the partial hash can help balance the trade-off between convenience (fewer user lockouts) and security (preventing attackers who are attempting to guess the password).
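
The size trade-off described above, as an added example that is not ArcotID PKI code. It assumes a hypothetical construction in which the partial hash is the leading `bits` bits of SHA-256 over the password (the page does not specify the actual algorithm or ASN.1 encoding), and uses a constructed password and guess list to count how many wrong guesses are rejected locally versus passed on to the server for each size.

```python
import hashlib

def partial_hash(password: str, bits: int) -> int:
    """Leading `bits` bits of SHA-256(password). Assumed construction, not ArcotID's."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def client_precheck(candidate: str, stored: int, bits: int) -> bool:
    """False means the candidate is certainly wrong and can be rejected locally,
    without spending one of the server's limited attempts. True means 'maybe'."""
    return partial_hash(candidate, bits) == stored

def tradeoff(real_password, wrong_guesses, bit_sizes):
    """For each size return (bits, rejected_locally, passed_to_server)."""
    rows = []
    for bits in bit_sizes:
        stored = partial_hash(real_password, bits)
        passed = sum(client_precheck(g, stored, bits) for g in wrong_guesses)
        rows.append((bits, len(wrong_guesses) - passed, passed))
    return rows

# Constructed sample data: one real password and 20,000 distinct wrong guesses.
REAL = "correct-horse-7"
WRONG = [f"guess-{i}" for i in range(20000)]
SIZES = [0, 4, 8, 16, 256]  # 0 = no partial hash stored, 256 = full hash stored

if __name__ == "__main__":
    print("bits  rejected_locally  passed_to_server")
    for bits, rejected, passed in tradeoff(REAL, WRONG, SIZES):
        print(f"{bits:>4}  {rejected:>16}  {passed:>16}")
```

Each extra bit roughly halves the wrong guesses that reach the server, so more typos are caught locally, but the same stored value lets anyone holding a copy of the file discard the same share of guesses without contacting the server.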

Note: The partial hash functionality may be deprecated in a future release.