A fair and dynamic password authentication system

In this paper, we first present the concept of a “fair” password authentication system which means that when a user provides a password that is unable to pass the authentication, the system is capable of taking a step ahead to detect and determine the real cause of the authentication failure, whether it was the user´s own problem or that the authentication files had already been tampered with or damaged. Then, based on the theory of quadratic residue and computational difficulty of solving the integer factorization problem, we propose a “simple” password authentication system which is fair and dynamic (meaning that a user´s password is different and dynamically created each time he logins). By a simple password authentication system we mean a one-way authentication system for a multi-user system to authenticate legitimate users and determine whether the user may log in and access system resource. Accordingly, in a simple password authentication system, we do not address the problem of session key exchange and distribution. Nevertheless, the proposed system does satisfy most security characteristics of conventional password authentication systems.