Matthew J Ghio says:
"Alan (Gesture Man) Wexelblat" <wex@media.mit.edu> wrote:
It seems to me that a simpler solution than challenge-response would be to emultate the tear-sheet crypto systems and just have a series of one-shot passwords generated. Each time you log in, it requires the next password from the sheet, so capturing the old one does no good (just as breaking the one-time codes from tear sheets doesn't help).
Now if I could just figure out a simple way to do this on UNIX...
You can use a sequential PRNG to do this, and then add a scrambling system to the output (to confuse anyone trying to break the pattern). I once wrote a program to do this (just for experimentation, and not in UNIX...).
You want to use a cryptographically strong one, however, because most PRNGs are easily guessed. This in practice means using MD5 or DES or IDEA or something as an RNG. Perry