One-Time Passwords are a special authentication scheme for use over insecure lines without the need for complex encryption and utilizing the normal login procedure. They can usually be safely used with telnet or plain ftp for example. The basic idea is to use a different password each time authentication is needed and to never reuse a used password. Also it must not be possible to easily compute yet unused passwords even with complete knowledge of all used passwords so far.
There are two types of One-Time Password systems:
- Pregenerated lists of completely random passwords, and
- Systems based on a non-inversible function, e.g. cryptographically secure hash functions
In these systems a list of several passwords is generated, usually using a cryptographically strong random number generator and distributed to the user. The authenticating system retains a copy of the list for each user and when authentication is to be performed the user picks a password from her list and uses it. When the authenticating system finds that the password is in its copy of the list the authentication succeeds and the password is marked invalid or deleted from the list.
- Strong random generation means there is no way to predict one of the valid passwords with significantly higher probability than pure chance.
- The user must keep the list of valid passwords with her all the time, when she wants to do authentication.
- The list must be transferred to the user in a secure manner.
A typical example for these systems is the PIN/TAN-Verfahren used by most German banks. Each TAN is a One-Time Password that was randomly generated and only valid for authenticating once.
These systems depend on a cryptographically strong hash function and are basically challenge/response systems for which the challenge can be known in advance.
- The list of passwords doesn't need to be computed in advance. It must however be possible to securely establish a shared secret between the user and the authenticating system.
- When the user has the ability to compute the response she doesn't need to keep a list with her. For example she might have a token with her that will do the computation, or access to a secure computer system.
- As there is some mathemathical function underlying the computation of the passwords there might be a way to either reverse the hash function used, or one can simply conduct a brute-force search on the shared secret.
A typical example for these types of systems are the S/KEY system or OPIE which can be used to authenticate to regular Unix-type servers. A different example are the SecurID tokens used by several Swiss banks.