OneTimePasswd (not Pad)
Laurent Demailly
dl at hplyot.obspm.fr
Fri Oct 13 05:50:42 PDT 1995
Hello,
I'm about to implement an OTPasswd (mostly like s/key) scheme to my
www browsers/clients/proxy, but I was wondering is the mere principle
of storing H^n(S) and requesting H^(n-1) from peer (H beeing your
favorite one way strong hash function (MD5), and S your seed+secret
passwd) could possibly be patented somehow and thus preventing using a
similar scheme without getting a license (from
bellcore?),.... if there are any usage conditions/restrictions?,...
Also, can one compute the amount of information (if any) leaked by the
method, ie, an attacquant who would have all the
H^i i={a...b} (by snooping for instance) would have is job easied,
and by 'how much' to find S? (or H^a-1) . is there any studies on
that for H=MD[45] ? (and what is the status of free use of MDx btw ?)
ps: I just an a thought that maybe the last P in elementrix POTP would
be Passwd and not Pad... it could still be quite interesting to have
H^n(S) (maybe variant with large n) used has 'secret' keys between
parties, you'll get lots of plus against standard attacks, provided
that there is no problem with know the function H^n for several
(possibly large) n... hmmm why this hasn't been implement ? what
obvious flaw am I missing ?
dl
--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom
Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept
Soviet NORAD SDI $400 million in gold South Africa plutonium KGB
More information about the cypherpunks-legacy
mailing list