Check out the new USENIX Web site. next up previous
Next: Pseudo Random Number Generators Up: Communications Security Previous: Practical Uses


S/Key [11,10] is a one-time password system used for authentication. It provides protection against replay attacks where a third party captured a password, e.g., by means of network sniffing, and tries to reuse it in a new authentication session.

S/Key uses a user supplied secret pass-phrase which is processed by a one-way function to generate a sequence of one-time passwords. In OpenBSD the one-way function can be chosen from a variety of computationally non-invertible hash functions like MD5 [34] or SHA1 [28], available in libc. S/Key is still useful when other cryptographic protocols are not available, or their implementations are not fully trusted, e.g., when using a conference terminal room to login to a home machine.

& D. Keromytis