[Cryptography] [FORGED] Feedback welcome on autentication/password replacement idea
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Sep 21 01:12:10 EDT 2015
Ilya Kasnacheev <ilya.kasnacheev at gmail.com> writes:
>Boris hashes some secret value many many times recursively (SHA(X),
>SHA(SHA(X)), ...), yielding chain of hashes. Boris gives the last hash in
>chain to Anne. When Boris want to prove that he came back and is genuine, he
>transmits previous hash in the chain. Anne hashes it and looks up if she saw
>that hash before - if she did, it's really Boris.
>
>Are there holes in this scheme?
No, it's a nice idea, but it's also been around since at least the 1980s.
Google S/Key for starters
Peter.
More information about the cryptography
mailing list