begin  quoting David Brown as of Sat, Aug 30, 2008 at 11:04:49AM -0700:
> On Sat, Aug 30, 2008 at 01:08:27AM -0700, SJS wrote:
> 
> >>I'm familiar with the S/Key system.  One disadvantage to it is that
> >>for a given authentication, you have to give it a specific password
> >>off of the list.  Each password on the list is
> >>basically the hash result of all of the following passwords.  So,
> >
> >s/following/preceding/
> 
> No, I really meant "following".  Or, think of it as a hash chain
> printed in reverse.
> 
> It's actually H(H(H(H(...(H(s)))))).  Each password is simply the hash
> of the following one on the list.  The bottom one is basically the
> hash of a secret, or could just be arbitrary.

Ah, that's an artifact of your notation. If you use a *reasonable*
notation, then the displayed ordering will match the actual ordering:

s H ... H H H H H

(or maybe "secret hash ... hash hash hash hash hash" for readability)

If you're going to use prefix notation, you have to evaluate it from
the inside out, y'know. H(s) is computed before -- thus precedes -- 
H(H(s)).

> The server stores the top hash on the list and nothing else.  In order
> to authenticate, you must present a password that when hashed produces
> the value that the server has stored.  This was easy for you to
> compute, since you computed the list backward, but the server doesn't
> know anything other than the already used passwords.

Yes. I got that. :)

-- 
Just don't start telling me that little-endian makes more sense than big-endian.
Stewart Stremler


-- 
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
