Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
S/KEY
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Authentication== [[File:skey authentication.svg|thumb|320px|S/KEY authentication]] After password generation, the user has a sheet of paper with ''n'' passwords on it. If ''n'' is very large, either storing all ''n'' passwords or calculate the given password from ''H''(''W'') become inefficient. There are methods to efficiently calculate the passwords in the required order, using only <math>\left\lceil\frac{\log n}{2}\right\rceil</math> hash calculations per step and storing <math>\lceil\log n\rceil</math> passwords.<ref>D. Yum, J. Seo, S. Eom, and P. Lee, “Single-Layer Fractal Hash Chain Traversal with Almost Optimal Complexity,” Topics in Cryptology–CT-RSA 2009, pp. 325–339, 2009. [https://doi.org/10.1007/978-3-642-00862-7_22]</ref> More ideally, though perhaps less commonly in practice, the user may carry a small, portable, secure, non-networked computing device capable of regenerating any needed password given the secret passphrase, the [[Salt (cryptography)|salt]], and the number of iterations of the hash required, the latter two of which are conveniently provided by the server requesting authentication for login. In any case, the first password will be the same password that the server has stored. This first password will not be used for authentication (the user should scratch this password on the sheet of paper), the second one will be used instead: * The user provides the server with the second password {{kbd|pwd}} on the list and scratches that password. * The server attempts to compute ''H''({{tt|pwd}}), where {{tt|pwd}} is the password supplied. If ''H''({{tt|pwd}}) produces the password the server has stored, then the authentication is successful. The server will then store {{tt|pwd}} as the current reference. For subsequent authentications, the user will provide {{kbd|password}}<sub>''i''</sub>. (The last password on the printed list, {{tt|password}}<sub>''n''</sub>, is the first password generated by the server, ''H''(''W''), where ''W'' is the initial secret). The server will compute ''H''({{tt|password}}<sub>''i''</sub>) and will compare the result to {{tt|password}}<sub>''i''−1</sub>, which is stored as reference on the server.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)