LOGBOOK

HELP

Quiz Entry - updated: 2026.05.31

In a challenge-response authentication flow, what's the difference between client-side and server-side authentication?

Client-side: the server challenges the client to prove who it is. Server-side: the client challenges the server to prove who it is. The verifier is whoever sends the challenge.

The pattern is always: Question (challenge) → Answer (response) → Überprüfung (verification).

  • Client-side authentication — Server sends Question1, Client replies Answer1, Server verifies and confirms Authenticated1. (The client is proving its identity.)
  • Server-side authentication — Client sends Question2, Server replies Answer2, Client verifies. (The server is proving its identity — e.g. a TLS certificate.)

Why challenge-response at all? The challenge is a fresh, random value. The responder proves it can produce the correct answer for that specific challenge, which defeats replay attacks — an old captured answer won't match a new challenge.

Tip: "Who sends the question is the one doing the checking." Most logins authenticate the client; HTTPS authenticates the server (the padlock).

From Quiz: ISF / Integrity & Content Authenticity (C2PA) | Updated: May 31, 2026