List of one-shot passwords

Perry E. Metzger pmetzger at lehman.com
Thu Nov 18 10:21:31 PST 1993



Matthew J Ghio says:
>  "Alan (Gesture Man) Wexelblat" <wex at media.mit.edu> wrote:
> 
> > It seems to me that a simpler solution than challenge-response would
> > be to emulate the tear-sheet crypto systems and just have a series of
> > one-shot passwords generated.  Each time you log in, it requires the
> > next password from the sheet, so capturing the old one does no good
> > (just as breaking the one-time codes from tear sheets doesn't help).
> >
> > Now if I could just figure out a simple way to do this on UNIX...
> 
> You can use a sequential PRNG to do this, and then add a scrambling
> system to the output (to confuse anyone trying to break the pattern).  I
> once wrote a program to do this (just for experimentation, and not in
> UNIX...).

You want to use a cryptographically strong one, however, because most
PRNGs are easily guessed. This in practice means using MD5 or DES or
IDEA or something as an RNG.

Perry
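
The point made in the message above, as an added example that is not part of the original thread: a tear sheet of one-shot passwords derived from a secret seed with a keyed hash, next to a plain linear congruential generator whose next value follows from a single captured one. HMAC-SHA256 stands in here for the MD5/DES/IDEA constructions named in the message, and every function name, the 8-digit format and the LCG constants are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def one_shot_password(seed: bytes, counter: int, digits: int = 8) -> str:
    """Entry number `counter` on the sheet: HMAC-SHA256(seed, counter), truncated."""
    mac = hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)

def make_sheet(seed: bytes, count: int) -> list:
    """The printed list the user carries; the host keeps only seed and counter."""
    return [one_shot_password(seed, i) for i in range(count)]

class LoginVerifier:
    """Host side: accepts only the next unused entry, then advances."""
    def __init__(self, seed: bytes):
        self._seed = seed
        self._next = 0

    def check(self, attempt: str) -> bool:
        expected = one_shot_password(self._seed, self._next)
        if hmac.compare_digest(attempt.encode(), expected.encode()):
            self._next += 1      # a captured password is now useless
            return True
        return False

# Contrast: an ordinary (non-cryptographic) sequential PRNG. Each output is
# the generator's entire state, so one observed value determines the rest.
LCG_A, LCG_C, LCG_M = 1103515245, 12345, 2**31   # constructed demo constants

def lcg_next(state: int) -> int:
    return (LCG_A * state + LCG_C) % LCG_M

def lcg_sheet(start: int, count: int) -> list:
    sheet, state = [], start
    for _ in range(count):
        state = lcg_next(state)
        sheet.append(state)
    return sheet

if __name__ == "__main__":
    seed = secrets.token_bytes(32)               # secret shared with the host
    sheet = make_sheet(seed, 5)
    host = LoginVerifier(seed)
    print("sheet:", sheet)
    print("first use:", host.check(sheet[0]), "replay:", host.check(sheet[0]))
    weak = lcg_sheet(42, 3)
    print("LCG entry 2 predicted from entry 1:", lcg_next(weak[0]) == weak[1])
```

With the keyed hash, an eavesdropper who records a used password learns nothing about the next one without the seed; with the LCG, the recorded password is enough.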





