S/KEY: Difference between revisions

mNo edit summary
No edit summary
Line 1: Line 1:
The S/KEY One-Time Password system originally came from Bellcore and is described in RFC 1760. It further evolved through RFC 1938 and RFC 2289 under the name "A One-Time Password System". The system uses a cryptographically strong hash function to generate a sequence of [[One-Time Passwords]] from a passphrase and a system identifier. There are several possible hash functions that can be used with the system — MD4, MD5 and SHA — but only MD5 is mandatory to support.
The S/KEY One-Time Password system originally came from Bellcore and is described in RFC 1760. It further evolved through RFC 1938 and RFC 2289 under the name "A One-Time Password System". The system uses a cryptographically strong hash function to generate a sequence of [[One-Time Passwords]] from a passphrase and a system identifier or seed. There are several possible hash functions that can be used with the system — MD-4, MD-5 and SHA-1 — but only MD-5 is mandatory to support.


The output of the hash function is not used directly but rather folded down to 64 bits and then either input as a hex string or transformed to the so-called Six Word Format. For this a dictionary of 2048 short (mostly english) words is used, giving 11 bits per word. Six words make up the representation of the hash function's output. The additional two bits are used to store a simple checksum. An example for a resulting password would be <code>TORN ACID SAD VAN RUM BEN</code>.
The output of the hash function is not used directly but rather folded down to 64 bits and then either input as a hex string or transformed to the so-called Six Word Format. For this a dictionary of 2048 short (mostly english) words is used, giving 11 bits per word. Six words make up the representation of the hash function's output. The additional two bits are used to store a simple checksum. An example for a resulting password would be <code>TORN ACID SAD VAN RUM BEN</code>.

Let's define the hash function to be used as <math>H(pass, seed) := F(H_o( C(seed, pass) ))</math>, where <math>F</math> is the folding applied, <math>H_o</math> is the original secure hash function (e.g. MD-4, MD-5 or SHA-1) and <math>C</math> is the string concatenation.

The folding function <math>F</math> must shorten the result of <math>H_o</math> (either 128 bits for MD-4 and MD-5, or 160 bits for SHA-1) down to a fixed size of 64 bits. This is done by XOR'ing the first and the last halves of the hash for MD-4 and MD-5 and in a similar fashion for SHA-1. See the aforementioned RFC for details.

== Initialization ==
Before a user can use the system it must be initialized.
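Review bot: In the first paragraph the algorithm names change from "MD4, MD5 and SHA" to "MD-4, MD-5 and SHA-1"; the hyphenated forms are not the names these hash functions are published under, so I would keep "MD4" and "MD5" and change only "SHA" to "SHA-1", and apply the same spelling in the two new paragraphs. In the new folding paragraph, "in a similar fashion for SHA-1" does not say how 160 bits are reduced to 64, and "the aforementioned RFC" is ambiguous because three RFCs are named above; name the RFC meant and either describe the SHA-1 folding or say that it differs from the two-halves XOR. The new definition also takes its arguments as (pass, seed) while C is applied to (seed, pass); a short remark that the seed comes first in the concatenation would stop readers from assuming a typo.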

Revision as of 00:34, 7 November 2004

The S/KEY One-Time Password system originally came from Bellcore and is described in RFC 1760. It further evolved through RFC 1938 and RFC 2289 under the name "A One-Time Password System". The system uses a cryptographically strong hash function to generate a sequence of One-Time Passwords from a passphrase and a system identifier or seed. There are several possible hash functions that can be used with the system — MD-4, MD-5 and SHA-1 — but only MD-5 is mandatory to support.

The output of the hash function is not used directly but rather folded down to 64 bits and then either input as a hex string or transformed to the so-called Six Word Format. For this a dictionary of 2048 short (mostly English) words is used, giving 11 bits per word. Six words make up the representation of the hash function's output. The additional two bits are used to store a simple checksum. An example of a resulting password is TORN ACID SAD VAN RUM BEN.

Let's define the hash function to be used as $H(\mathit{pass}, \mathit{seed}) := F(H_o(C(\mathit{seed}, \mathit{pass})))$, where $F$ is the folding applied, $H_o$ is the original secure hash function (e.g. MD-4, MD-5 or SHA-1) and $C$ is the string concatenation.

The folding function $F$ must shorten the result of $H_o$ (either 128 bits for MD-4 and MD-5, or 160 bits for SHA-1) down to a fixed size of 64 bits. This is done by XOR'ing the first and the last halves of the hash for MD-4 and MD-5 and in a similar fashion for SHA-1. See the aforementioned RFC for details.
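The definition of H and the Six Word Format layout described above, as an added example that is not part of the original page: it computes H(pass, seed) with MD5 as H_o, folds to 64 bits, and packs the key plus checksum into six 11-bit dictionary indices, rejecting input whose checksum does not match. The function names are hypothetical; the seed lowercasing and the checksum rule (sum of the 32 two-bit pairs, low two bits) are taken from RFC 2289, and the 2048-word dictionary is omitted, so indices are produced instead of words.

```python
import hashlib

def fold_128(digest: bytes) -> bytes:
    """F for MD4/MD5: XOR the first and last 64-bit halves of the digest."""
    if len(digest) != 16:
        raise ValueError("expected a 128-bit digest")
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))

def otp_initial(passphrase: str, seed: str) -> bytes:
    """H(pass, seed) = F(H_o(C(seed, pass))) with H_o = MD5."""
    # Assumption from RFC 2289: the seed is lowercased before use.
    data = seed.lower().encode("ascii") + passphrase.encode("ascii")
    return fold_128(hashlib.md5(data).digest())

def checksum2(key: int) -> int:
    """RFC 2289 checksum: sum the 32 two-bit pairs, keep the low two bits."""
    return sum((key >> s) & 0b11 for s in range(0, 64, 2)) & 0b11

def to_indices(key: bytes) -> list[int]:
    """64-bit key + 2-bit checksum = 66 bits = six 11-bit dictionary indices."""
    if len(key) != 8:
        raise ValueError("expected a 64-bit key")
    n = int.from_bytes(key, "big")
    value = (n << 2) | checksum2(n)
    return [(value >> (11 * i)) & 0x7FF for i in range(5, -1, -1)]

def from_indices(indices: list[int]) -> bytes:
    """Rebuild the key from six indices; reject input whose checksum is wrong."""
    if len(indices) != 6 or any(not 0 <= i < 2048 for i in indices):
        raise ValueError("need six indices in 0..2047")
    value = 0
    for i in indices:
        value = (value << 11) | i
    n, check = value >> 2, value & 0b11
    if checksum2(n) != check:
        raise ValueError("checksum mismatch: mistyped or corrupted password")
    return n.to_bytes(8, "big")

if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    key = otp_initial("correct horse battery", "ex4mple")
    idx = to_indices(key)
    print(key.hex(), idx)
    assert from_indices(idx) == key
```

The two checksum bits catch only some typing errors; they are a transcription aid, not an integrity guarantee.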

Initialization

Before a user can use the system it must be initialized.