The S/KEY One-Time Password System (RFC1760)
Original Publication Date: 1995-Feb-01
Included in the Prior Art Database: 2000-Sep-12
Internet Society Requests For Comment (RFCs)
Network Working Group N. Haller
Request for Comments: 1760 Bellcore
Category: Informational February 1995
The S/KEY One-Time Password System
Status of this Memo
This memo provides information for the Internet community. This memo
does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.
This document describes the S/KEY* One-Time Password system as
released for public use by Bellcore and as described in reference
. A reference implementation and documentation are available by
anonymous ftp from ftp.bellcore.com in the directories pub/nmh/...
One form of attack on computing systems connected to the Internet is
eavesdropping on network connections to obtain the login ids and
passwords of legitimate users. The captured login id and password
are then used, at a later time, to gain access to the system. The S/KEY
One-Time Password system is designed to counter this type of attack,
called a replay attack.
With the S/KEY system, only a single use password ever crosses the
network. The user's secret pass-phrase never crosses the network at
any time, including during login or when executing other commands
requiring authentication such as the UNIX commands passwd or su.
Thus, it is not vulnerable to eavesdropping/replay attacks. Added
security is provided by the property that no secret information need
be stored on any system, including the host being protected.
The S/KEY system protects against external passive attacks against
the authentication subsystem. It does not prevent a network
eavesdropper from gaining access to private information, and does not
provide protection against "inside jobs" or against active attacks
where the potential intruder is able to intercept and modify the
There are two sides to the operation of the S/KEY one-time password
system. On the client side, the appropriate one-time password must
be generated. On the host side, the server must verify the one-time
password and permit the secure changing of the user's secret pass-
An S/KEY system client passes the user's secret pass-phrase through
multiple applications of a secure hash function to produce a one-time
password. On each use, the number of applications is reduced by one.
Thus a unique sequence of passwords is generated. The S/KEY system
host verifies the one-time password by making one pass through the
secure hash function and comparing the result with the previous one-
time password. This technique was first suggested by Leslie Lamport
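The client/host exchange described above, as an added example that is not the Bellcore reference implementation or any code from the RFC. It assumes SHA-256 in place of the MD4-based S/KEY hash, treats one-time passwords as raw digests rather than the S/KEY six-word encoding, and hashes the pass-phrase alone; the names (SkeyClient, SkeyHost, enroll, demo) are this example's own. The host stores only the sequence number and the last accepted password, the client sends H^(n-1) and the host checks that one more hash application reproduces its stored H^n, and a replayed password fails because hashing it once more no longer matches what the host now holds.

```python
"""
Added example (not the RFC's reference code): a minimal Lamport hash-chain
one-time password exchange in the style S/KEY describes. Assumptions: SHA-256
stands in for the MD4-based S/KEY hash, passwords are raw digests rather than
S/KEY's six-word encoding, and the hash is applied to the pass-phrase alone.
"""
import hashlib
import hmac
from typing import Tuple


def secure_hash(data: bytes) -> bytes:
    # One application of the secure hash function. S/KEY uses MD4; SHA-256 is
    # substituted here so the example runs with the standard library only.
    return hashlib.sha256(data).digest()


def hash_chain(passphrase: str, count: int) -> bytes:
    # H^count(pass-phrase): apply secure_hash `count` times to the secret.
    x = passphrase.encode("utf-8")
    for _ in range(count):
        x = secure_hash(x)
    return x


class SkeyClient:
    """Client side: holds the secret pass-phrase and the current sequence number."""

    def __init__(self, passphrase: str, count: int) -> None:
        self.passphrase = passphrase
        self.count = count

    def next_password(self) -> bytes:
        # Each use lowers the number of hash applications by one. Stop at
        # count 1: H^0 would be the pass-phrase itself, which must never be sent.
        if self.count <= 1:
            raise RuntimeError("chain exhausted; re-initialize with a new count")
        self.count -= 1
        return hash_chain(self.passphrase, self.count)


class SkeyHost:
    """Host side: stores only the sequence number and the last accepted
    one-time password, never the pass-phrase."""

    def __init__(self, count: int, last_password: bytes) -> None:
        self.count = count
        self.last_password = last_password

    def verify(self, candidate: bytes) -> bool:
        # Exactly one pass through the hash must reproduce the stored value.
        if self.count <= 1:
            return False  # chain exhausted on this side too
        if not hmac.compare_digest(secure_hash(candidate), self.last_password):
            return False  # wrong guess, or a replay of a password already consumed
        self.count -= 1
        self.last_password = candidate
        return True


def enroll(passphrase: str, count: int) -> Tuple[SkeyClient, SkeyHost]:
    # Initialization: the client computes H^count once; only that digest and
    # the count go to the host (over a trusted path, or in person).
    initial = hash_chain(passphrase, count)
    return SkeyClient(passphrase, count), SkeyHost(count, initial)


def demo() -> Tuple[bool, bool, bool, bool]:
    client, host = enroll("correct horse battery staple", 100)  # constructed secret
    otp1 = client.next_password()                 # H^99, crosses the network once
    first = host.verify(otp1)                     # accepted: H(H^99) == stored H^100
    replay = host.verify(otp1)                    # eavesdropper replays it: rejected
    bogus = host.verify(b"\x00" * 32)             # guess: rejected
    second = host.verify(client.next_password())  # H^98: accepted
    return first, replay, bogus, second


def logins_until_exhausted(count: int) -> int:
    # How many logins a chain initialized at `count` yields before the client
    # refuses to continue (count - 1, since H^0 is never sent).
    client, host = enroll("pw", count)
    logins = 0
    while client.count > 1:
        if host.verify(client.next_password()):
            logins += 1
    return logins


if __name__ == "__main__":
    print(demo())                      # (True, False, False, True)
    print(logins_until_exhausted(5))   # 4
```

Note the two checks a practitioner wants here: the host compares with a constant-time comparison, and both sides stop one step short of H^0, because the last link of the chain is the pass-phrase itself and sending it would defeat the whole scheme; re-initialization with a fresh count is required before that point.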
Secure Hash Function
A secure hash function is a function that is easy to compute in the
forward direction, but computationally infeasible to invert. The
S/KEY system is based on the MD4 Message Digest algorithm designed by
Ronald Rivest ....