S/Key (RFC 2289, 1998)

Authentication credentials.

• A password (pwd).

The authenticator knows.

• The last used one-time password (OTP).

• The last used OTP index.

  • Defines an order among consecutive OTPs.

• A seed value for each person’s OTPs.

  • The seed is similar to a UNIX salt.

Setup

The authenticator defines a random seed.

The person generates an initial OTP as:

• Some S/Key versions also use MD5 or SHA-1.

The authenticator stores seed, n and OTPn as authentication credentials

Authentication protocol

The authenticator sends the seed and index of the person.

• They act as a challenge.

The person generates index-1 OTPs in a row.

• And selects the last one as a result.

• result = OPT_(index-1).

The authenticator computes h(result) and compares the result with the stored OPT_index.

• If they match, the authentication succeeds.

• Upon success, stores the recently used index & OTP.

  • index-1 and OPT_(index-1).

Advantages

Users' passwords are unknown to authenticators.

OTPs can be used as ordinary passwords.

Disadvantages

People need an application to compute OTPs.

Passwords can be derived using dictionary attacks.

• From data stored in authenticators.

• From captured protocol runs.