S-KEY One-Time Password System


S-KEY One-Time Password System described in RFC 1760 describes the S/KEY* One-Time password system as released for public use by Bellcore.

There are two sides to the operation of the S/KEY one-time password system.

On the client side, the appropriate one-time password must be generated.

On the host side, the server must verify the one-time password and permit the secure changing of the user's secret pass-phrase.

An S/KEY system client passes the user's secret pass-phrase through multiple applications of a secure hash function to produce a one-time password. On each use, the number of applications is reduced by one.

Thus a unique sequence of passwords is generated. The S/KEY system host verifies the one-time password by making one pass though the secure hash function and comparing the result with the previous one-time password.

More Information#

There might be more information for this subject on one of the following: