[Cryptography] Feedback welcome on autentication/password replacement idea

Howard Chu hyc at symas.com
Sun Sep 20 23:46:03 EDT 2015

Ilya Kasnacheev wrote:
> Hello, I want to share my idea with you. If some places are not clear enough,
> you can try to guess or just ask me.
> Main idea:
> Boris hashes some secret value many many times recursively (SHA(X),
> SHA(SHA(X)), ...), yielding chain of hashes.
> Boris gives the last hash in chain to Anne. When Boris want to prove that he
> came back and is genuine, he transmits previous hash in the chain. Anne hashes
> it and looks up if she saw that hash before - if she did, it's really Boris.
> Are there holes in this scheme?

This is precisely how S/Key works.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

More information about the cryptography mailing list