Hello, I'm about to implement an OTPasswd (mostly like s/key) scheme to my www browsers/clients/proxy, but I was wondering is the mere principle of storing H^n(S) and requesting H^(n-1) from peer (H beeing your favorite one way strong hash function (MD5), and S your seed+secret passwd) could possibly be patented somehow and thus preventing using a similar scheme without getting a license (from bellcore?),.... if there are any usage conditions/restrictions?,... Also, can one compute the amount of information (if any) leaked by the method, ie, an attacquant who would have all the H^i i={a...b} (by snooping for instance) would have is job easied, and by 'how much' to find S? (or H^a-1) . is there any studies on that for H=MD[45] ? (and what is the status of free use of MDx btw ?) ps: I just an a thought that maybe the last P in elementrix POTP would be Passwd and not Pad... it could still be quite interesting to have H^n(S) (maybe variant with large n) used has 'secret' keys between parties, you'll get lots of plus against standard attacks, provided that there is no problem with know the function H^n for several (possibly large) n... hmmm why this hasn't been implement ? what obvious flaw am I missing ? dl -- Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept Soviet NORAD SDI $400 million in gold South Africa plutonium KGB