httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <>
Subject Re: secure transfer using skey
Date Fri, 01 Sep 1995 14:38:12 GMT
> >I can't see any obvious synchronisation issues here.
> The one-time-password generators on each system need to be synchronized
> (probably the wrong word, since they aren't clocks) because the 
> generator increments the seed on each password generated, which works
> just fine until the server generates a password which never gets seen
> by the client.  However, this is just from memory of a conversation
> I had eight months ago, so it may be completely bonkers.  I believe
> this problem may be addressed by the newer specification.

The one-time-password generator is independent of the challenge
You can run the o-t-p genarator a thousand times, it just acts as
a  challenge+password -> string   function.
It'll give the same answer over and over again and it doens't know or
care what sequence things are requested.

The server just calls the challenge generator whenever it feels like.
It is this program that decrements a seed when given the o-t-p in
response to the challenge.


View raw message