From: Laurent Demailly <dl@hplyot.obspm.fr>
To: cypherpunks@toad.com
Message Hash: 29a6cef70f4633133259bad59136f62e554274aec132cf1f3a225de4f2125ebe
Message ID: <9510131250.AA28930@hplyot.obspm.fr>
Reply To: N/A
UTC Datetime: 1995-10-13 12:50:42 UTC
Raw Date: Fri, 13 Oct 95 05:50:42 PDT
From: Laurent Demailly <dl@hplyot.obspm.fr>
Date: Fri, 13 Oct 95 05:50:42 PDT
To: cypherpunks@toad.com
Subject: OneTimePasswd (not Pad)
Message-ID: <9510131250.AA28930@hplyot.obspm.fr>
MIME-Version: 1.0
Content-Type: text/plain
Hello,
I'm about to implement an OTPasswd (mostly like s/key) scheme to my
www browsers/clients/proxy, but I was wondering is the mere principle
of storing H^n(S) and requesting H^(n-1) from peer (H beeing your
favorite one way strong hash function (MD5), and S your seed+secret
passwd) could possibly be patented somehow and thus preventing using a
similar scheme without getting a license (from
bellcore?),.... if there are any usage conditions/restrictions?,...
Also, can one compute the amount of information (if any) leaked by the
method, ie, an attacquant who would have all the
H^i i={a...b} (by snooping for instance) would have is job easied,
and by 'how much' to find S? (or H^a-1) . is there any studies on
that for H=MD[45] ? (and what is the status of free use of MDx btw ?)
ps: I just an a thought that maybe the last P in elementrix POTP would
be Passwd and not Pad... it could still be quite interesting to have
H^n(S) (maybe variant with large n) used has 'secret' keys between
parties, you'll get lots of plus against standard attacks, provided
that there is no problem with know the function H^n for several
(possibly large) n... hmmm why this hasn't been implement ? what
obvious flaw am I missing ?
dl
--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom
Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept
Soviet NORAD SDI $400 million in gold South Africa plutonium KGB
Return to October 1995
Return to “Laurent Demailly <dl@hplyot.obspm.fr>”