[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

OneTimePasswd (not Pad)

I'm about to implement an OTPasswd (mostly like s/key) scheme to my
www browsers/clients/proxy, but I was wondering is the mere principle
of storing H^n(S) and requesting H^(n-1) from peer (H beeing your
favorite one way strong hash function (MD5), and S your seed+secret
passwd) could possibly be patented somehow and thus preventing using a
similar scheme without getting a license (from
bellcore?),.... if there are any usage conditions/restrictions?,... 

Also, can one compute the amount of information (if any) leaked by the
method, ie, an attacquant who would have all the
H^i  i={a...b}  (by snooping for instance) would have is job easied,
and by 'how much' to find S? (or H^a-1)  . is there any studies on
that for H=MD[45] ? (and what is the status of free use of MDx btw ?)

ps: I just an a thought that maybe the last P in elementrix POTP would
be Passwd and not Pad... it could still be quite interesting to have
H^n(S) (maybe variant with large n) used has 'secret' keys between
parties, you'll get lots of plus against standard attacks, provided
that there is no problem with know the function H^n for several
(possibly large) n... hmmm why this hasn't been implement ? what
obvious flaw am I missing ?

Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|...  Freedom
Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept

Soviet NORAD SDI $400 million in gold South Africa plutonium KGB