2009/02/20

[ Crypto ] One-time password / Hash chain

One-time Password / Hash Chain



Notation:
h(X): a one-way hash function
S: the client's password
m: the number of times the hash is applied

Initial: h^m(S)
The user computes α = h^m(S) = h(h(...h(h(S))...)) and sends it to the Server.

Authentication Process:

Client->Server: α'
1) Compute α' = h^{m-1}(S)

Server->Client: accept/reject
1) Compute h(α') = h(h^{m-1}(S))
2) Verify that h(α') equals α
3) Save α'

When the user wants to be authenticated again, the Client computes α'' = h^{m-2}(S) and sends it to the Server. Following the same steps as above, the Server computes h(α'') and compares it with the saved α' to determine whether this authentication passes.
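The exchange above as a runnable sketch. This is an added example, not code from the original post. It assumes SHA-256 for h, and the names Client, Server, h_pow and demo, the sample password, and the choice to stop the chain before S itself would be sent are all assumptions made for illustration.

```python
import hashlib
import hmac

def h(x: bytes) -> bytes:
    """One-way hash h(X); SHA-256 is an assumption, the post names no function."""
    return hashlib.sha256(x).digest()

def h_pow(secret: bytes, n: int) -> bytes:
    """h^n(S): apply h to S n times."""
    out = secret
    for _ in range(n):
        out = h(out)
    return out

class Server:
    def __init__(self, alpha: bytes):
        self.stored = alpha  # alpha = h^m(S), registered once at setup

    def authenticate(self, otp: bytes) -> bool:
        # Accept only if h(otp) equals the stored value, then save otp
        # so the next login must present the preceding chain element.
        if hmac.compare_digest(h(otp), self.stored):
            self.stored = otp
            return True
        return False

class Client:
    def __init__(self, secret: bytes, m: int):
        self.secret, self.remaining = secret, m

    def initial_value(self) -> bytes:
        return h_pow(self.secret, self.remaining)  # h^m(S)

    def next_otp(self) -> bytes:
        # Assumption: stop at h^1(S) so the raw password is never transmitted.
        if self.remaining <= 1:
            raise RuntimeError("hash chain exhausted; register a new chain")
        self.remaining -= 1
        return h_pow(self.secret, self.remaining)

def demo() -> list:
    client = Client(b"constructed-sample-password", m=3)  # constructed input
    server = Server(client.initial_value())
    first = client.next_otp()                               # h^{m-1}(S)
    results = [server.authenticate(first)]                  # fresh value
    results.append(server.authenticate(first))              # replayed value
    results.append(server.authenticate(client.next_otp()))  # h^{m-2}(S)
    results.append(server.authenticate(h(b"guess")))        # unrelated value
    return results
```

A captured value is useless for replay because the Server has already moved its stored value one step down the chain, and deriving the next valid value from it would require inverting h.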

Ref.
http://en.wikipedia.org/wiki/One-time_password
http://en.wikipedia.org/wiki/S/KEY
