S/KEY

From
Revision as of 01:21, 6 November 2004 by Henryk (talk | contribs)
Jump to navigation Jump to search

The S/KEY One-Time Password system originally came from Bellcore and is described in RFC 1760. It further evolved through RFC 1938 and RFC 2289 under the name "A One-Time Password System". The system uses a cryptographically strong hash function to generate a sequence of One-Time Passwords from a passphrase and a system identifier. There are several possible hash functions that can be used with the system — MD4, MD5 and SHA — but only MD5 is mandatory to support.

The output of the hash function is not used directly but rather folded down to 64 bits and then either input as a hex string or transformed to the so-called Six Word Format. For this a dictionary of 2048 short (mostly english) words is used, giving 11 bits per word. Six words make up the representation of the hash function's output. The additional two bits are used to store a simple checksum. An example for a resulting password would be TORN ACID SAD VAN RUM BEN.

Retrieved from "https://sarwiki.informatik.hu-berlin.de/index.php?title=S/KEY&oldid=93"