[Cryptography] [FORGED] Feedback welcome on autentication/password replacement idea

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Sep 21 01:12:10 EDT 2015

Ilya Kasnacheev <ilya.kasnacheev at gmail.com> writes:

>Boris hashes some secret value many many times recursively (SHA(X),
>SHA(SHA(X)), ...), yielding chain of hashes. Boris gives the last hash in
>chain to Anne. When Boris want to prove that he came back and is genuine, he
>transmits previous hash in the chain. Anne hashes it and looks up if she saw
>that hash before - if she did, it's really Boris.
>Are there holes in this scheme?

No, it's a nice idea, but it's also been around since at least the 1980s.
Google S/Key for starters


More information about the cryptography mailing list