At 11:51 AM 11/21/2001 -0800, Jeff Fitzmyers wrote: >After pondering this for a while I am thinking of implementing a '1 time >pad' system. I am under the impression they are ultimately the best way >to secure a transaction. True? >[...] >After a challenge is used for login, it is retired. If they lose it, >just create and send another encrypted list. >It is one more thing to keep track of :( But with $$$ a stake it would >be worth it for me. > >Comments???
It sounds like you are reinventing S/KEY - see <http://cnls.lanl.gov/Internal/Computing/Skey/skey.txt>, or "man skey" on a FreeBSD or OpenBSD system (perhaps others, too.) You might also think about using a cryptographic smartcard or token which cannot (as a matter of hardware/firmware design) leak its secret key, or a hardware token like one for RSA's SecurID system, see <http://www.rsa.com/products/securid/authenticators.html>. -- Greg Broiles -- [EMAIL PROTECTED] -- PGP 0x26E4488c or 0x94245961 5000 dead in NYC? National tragedy. 1000 detained incommunicado without trial, expanded surveillance? National disgrace. --- You are currently subscribed to e-gold-tech as: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED]
