Yes, I think your conclusions are pretty much correct..
Some comments: firstly, (and lots of ppl might not agree), I'm not so sure that the username/password combination is the only one available for most authentication jobs.
To cite an example, assume that you and the authenticator decide on a mathematical formula (ie: take number x, subtract 10, multiply by 3 etc etc). When you attempt to login, you are prompted with a number, and it is upto you (as the person attempting to login) to remember the formula, apply it to the number and return to the server. The server authentication 'remembers' the number it sent you, and it knows the formula that you agreed upon...so, its another means of authentication (but not even close to foolproof, of course)..but the point is that part of the authentication is dynamic, so chances of a replay attack are reduced...
To take this one step further, this is an interesting link I found that does something similar..
One of the references mentioned in this node is probably the most widely used means of authentication so far.. session based authentication.. Essentially, the webserver needs to cooperate and send a session key for use by the client side encryption. In this way, anybody seeing the client side encryption code still won't know the session key used in the encryption, and thus, this provides better security..
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.
| & || & |
| < || < |
| > || > |
| [ || [ |
| ] || ] ||