On Sat, Aug 30, 2008 at 01:08:27AM -0700, SJS wrote:
>> I'm familiar with the S/Key system. One disadvantage to it is that
>> for a given authentication, you have to give it a specific password
>> off of the list. Each password on the list is
>> basically the hash result of all of the following passwords. So,
>
> s/following/preceding/

No, I really meant "following". Or, think of it as a hash chain
printed in reverse.
It's actually H(H(H(H(...(H(s)))))). Each password is simply the hash
of the following one on the list. The bottom one is basically the
hash of a secret, or could just be arbitrary.
The server stores the top hash on the list and nothing else. In order
to authenticate, you must present a password that when hashed produces
the value that the server has stored. This was easy for you to
compute, since you computed the list backward, but the server doesn't
know anything other than the already used passwords.
David
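
The scheme described in this message, as an added example that is not part of the original post: the list is computed from a secret, the server keeps only the top hash, and each accepted password becomes the value the next one must hash to. SHA-256 and the names `H`, `build_chain`, `Server` and `demo` are assumptions chosen for illustration; the secret is a constructed sample value.

```python
import hashlib
import hmac


def H(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the hash function used by the scheme.
    return hashlib.sha256(data).digest()


def build_chain(secret: bytes, n: int) -> list[bytes]:
    """Return the printed list, top first: [H^n(s), H^(n-1)(s), ..., H(s)]."""
    chain = []
    value = secret
    for _ in range(n):
        value = H(value)
        chain.append(value)
    chain.reverse()  # each entry is now the hash of the one following it
    return chain


class Server:
    """Stores only the last accepted value (initially the top of the list)."""

    def __init__(self, top: bytes):
        self.stored = top

    def authenticate(self, password: bytes) -> bool:
        # Accept only a password whose hash equals the stored value.
        if hmac.compare_digest(H(password), self.stored):
            self.stored = password  # the next login must hash to this one
            return True
        return False


def demo() -> list[bool]:
    chain = build_chain(b"constructed example secret", 5)
    server = Server(chain[0])  # the server gets the top hash and nothing else
    return [
        server.authenticate(chain[2]),  # skipping ahead on the list: rejected
        server.authenticate(chain[1]),  # the next password on the list: accepted
        server.authenticate(chain[1]),  # replay of a used password: rejected
        server.authenticate(chain[2]),  # now this one is next: accepted
    ]
```

The first rejected attempt shows the disadvantage mentioned in the quoted text: only one specific password from the list is valid at any given login.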