Abstract
Lamport's one-time password (OTP) was originally proposed to address the weaknesses of a simple password system. However, it has been widely used to design key management and authentication mechanisms. OTP is based on a hash chain constructed using only the cryptographic hash function, in which the hash chain is a main engine for OTP generation. Thus, the structural property of the hash chain determines the advantages and disadvantages of the OTP system that employs it. A main weakness of Lamport's OTP is that the length of the hash chain is finite, meaning that OTP generation is also finite. In this paper, a new hash chain is designed and constructed for infinite OTP generation without a pre-shared secret between two parties (prover and verifier). Instead of a single long hash chain as in Lamport's OTP, the hash chain in the proposed OTP consists of multiple short hash chains. This paper shows that the proposed OTP addresses the weaknesses of Lamport's OTP while preserving its advantages.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
More From: Computer Law and Security Review: The International Journal of Technology and Practice
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.