9.26

Explain what a challenge-response system for authentication is. Why is it more secure than a traditional password-based system?


The following is taken from wiki.

Challenge-response authentication is a family of protocols in which one party presents a question (“challenge”) and another party must provide a valid answer (“response”) to be authenticated.

The simplest example of a challenge-response protocol is password authentication, where the challenge is asking for the password and the valid response is the correct password.
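
As an added illustration (not part of the quoted wiki text), the sketch below contrasts the password case above, where the challenge is fixed and the valid response is always the same, with a challenge that changes on every attempt. The HMAC-SHA256 construction, the `Verifier` class, `respond`, `demo` and the sample secret are assumptions chosen for this example.

```python
import hashlib
import hmac
import secrets

# Constructed sample secret known to both parties (assumption for this example).
SHARED_SECRET = b"correct horse battery staple"


class Verifier:
    """Hypothetical verifier: issues challenges and checks responses."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = set()  # nonces issued and not yet answered

    def check_password(self, response: bytes) -> bool:
        # Fixed challenge ("what is the password?"): the valid response never changes.
        return hmac.compare_digest(response, self._secret)

    def nonce_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh, unpredictable challenge
        self._pending.add(nonce)
        return nonce

    def check_nonce_response(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._pending:
            return False  # unknown or already-used challenge
        self._pending.discard(nonce)  # each challenge is valid once
        expected = hmac.new(self._secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def respond(secret: bytes, nonce: bytes) -> bytes:
    """Prover's answer: keyed hash of the challenge; the secret itself is not sent."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def demo() -> dict:
    v = Verifier(SHARED_SECRET)
    # Password case: a response recorded once is accepted again later.
    pw_replay = v.check_password(SHARED_SECRET)
    # Nonce case: the first answer verifies, but the same bytes fail against
    # a new challenge and against the already-used one.
    n1 = v.nonce_challenge()
    r1 = respond(SHARED_SECRET, n1)
    first = v.check_nonce_response(n1, r1)
    replay = v.check_nonce_response(v.nonce_challenge(), r1)
    reuse = v.check_nonce_response(n1, r1)
    return {"pw_replay": pw_replay, "first": first, "replay": replay, "reuse": reuse}
```

With a fixed challenge the response is the secret itself, so whoever observes it once holds a permanently valid answer; with a per-attempt nonce the observed response is only valid for the challenge it answered.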