S/KEY is a one-time password system developed for authentication in Unix-like operating systems. A user's real password is never transmitted across the network. Instead, the real password is combined with a short seed string and a decrementing counter to form a single-use password. Because each single-use password is accepted only once, a password captured by a password sniffer is useless to an attacker. Because the seed does not change until the counter reaches zero, the user can prepare a list of single-use passwords, in order, and carry it. Alternatively, the user can enter the real password, the seed and the requested counter value into a local calculator that generates the appropriate one-time password, which can then be sent over the network in the clear. The latter form is more common and practically amounts to challenge-response authentication. S/KEY is supported in Linux (via Pluggable Authentication Modules), OpenBSD, NetBSD, and FreeBSD, and a generic open source implementation can be used to enable its use on other systems. S/KEY is also sometimes referred to as Lamport's scheme, after Leslie Lamport, whose hash-chain construction it implements.

Password generation

The server is the computer that will perform the authentication.
Authentication

After password generation, the user has a sheet of paper with n passwords on it. The first one on the sheet is the same password that the server has stored. This first password is not used for authentication (the user should strike it off the sheet); the second one is used instead. In general, the user provides password i-1, where password 1 is the first password generated by the server, i.e. H(pwd) with pwd the initial secret, and each later password is the hash of the one before it (password i = H(password i-1)). The server computes H(password i-1) and compares the result to password i, which it holds as the current reference. If they match, the login succeeds and the server replaces its reference with password i-1, which is what decrements the counter for the next authentication.
Security

What makes the S/KEY system secure? The security of S/KEY relies on the preimage resistance of the cryptographic hash function, i.e. the difficulty of reversing it. Suppose an attacker manages to capture a password that was used for a successful authentication, say password i. This password is already useless for subsequent authentications, because each password is accepted only once. What the attacker would want is password i-1, because that is the one the server will accept next. Obtaining it would require inverting the hash function that produced password i from password i-1 (password i = H(password i-1)), which is computationally infeasible for current cryptographic hash functions. S/KEY is however vulnerable to a man-in-the-middle attack if used by itself: nothing in the exchange authenticates the server to the user, so an attacker who can sit between the two can forward the user's fresh one-time password to the real server. This can be addressed by running S/KEY over SSL, SPKM or a similar security protocol "under it" that authenticates the server and gives point-to-point security between the client and server.
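As an added example, not code from the original article or from any S/KEY implementation, the following Python block implements the hash chain, the authentication step described in the Authentication section, and the replay and preimage argument made in the Security section. Assumptions that are mine rather than the page's: SHA-256 is used as H (the article names no specific hash, and historical S/KEY implementations used different ones); the first chain element is the hash of the seed concatenated with the secret; the names generate_chain, SkeyServer, SkeyClient, demo and logins_until_exhausted are hypothetical; the secret and seed values are constructed sample data.

```python
import hashlib
import hmac


def H(data):
    """The chain hash. Assumption: SHA-256; the article names no specific hash."""
    return hashlib.sha256(data).digest()


def generate_chain(secret, seed, n):
    """Return [password_1, ..., password_n] using the article's indexing:
    password_1 = H(seed || secret), password_i = H(password_{i-1}).
    The server keeps only password_n; the user gets the whole list."""
    if n < 1:
        raise ValueError("chain length must be at least 1")
    chain = [H(seed + secret)]
    for _ in range(n - 1):
        chain.append(H(chain[-1]))
    return chain


class SkeyServer:
    """Holds the seed, the counter and the current reference password."""

    def __init__(self, seed, n, password_n):
        self.seed = seed
        self.counter = n              # index of the stored reference
        self.reference = password_n   # password_n; never sent to the client

    def challenge(self):
        """Sent in the clear: the seed and the index the client must answer with."""
        return self.seed, self.counter - 1

    def authenticate(self, candidate):
        """Accept candidate iff H(candidate) equals the stored reference, then move
        the reference one step down the chain so the same value cannot be replayed."""
        if self.counter <= 1:
            return False              # chain exhausted: re-enrol with a fresh seed
        if hmac.compare_digest(H(candidate), self.reference):
            self.reference = candidate
            self.counter -= 1
            return True
        return False


class SkeyClient:
    """The 'local calculator': recomputes password_i from the secret on demand."""

    def __init__(self, secret):
        self.secret = secret

    def respond(self, seed, i):
        return generate_chain(self.secret, seed, i)[-1]


def demo():
    """Constructed scenario: one honest login, a replay of the sniffed value,
    an attacker's guess H(sniffed), then the next honest login."""
    secret = b"correct horse battery staple"   # constructed sample secret
    seed = b"ke1234"                            # constructed sample seed
    n = 5
    chain = generate_chain(secret, seed, n)
    server = SkeyServer(seed, n, chain[-1])
    client = SkeyClient(secret)
    results = []
    seed_, i = server.challenge()
    sniffed = client.respond(seed_, i)               # password_{n-1}, visible on the wire
    results.append(server.authenticate(sniffed))     # honest login: accepted
    results.append(server.authenticate(sniffed))     # replay: H(pw_{n-1}) != pw_{n-1}
    results.append(server.authenticate(H(sniffed)))  # H(pw_{n-1}) = pw_n, the old reference: rejected
    seed_, i = server.challenge()
    results.append(server.authenticate(client.respond(seed_, i)))  # password_{n-2}: accepted
    return results


def logins_until_exhausted(n):
    """How many logins a chain of n passwords yields before the counter reaches 1."""
    secret, seed = b"s3cret", b"seed01"   # constructed sample data
    chain = generate_chain(secret, seed, n)
    server, client = SkeyServer(seed, n, chain[-1]), SkeyClient(secret)
    count = 0
    while server.counter > 1:
        seed_, i = server.challenge()
        if not server.authenticate(client.respond(seed_, i)):
            break
        count += 1
    return count


if __name__ == "__main__":
    print(demo())                      # [True, False, False, True]
    print(logins_until_exhausted(5))   # 4
```

The attacker's only options are to replay the captured value or to hash it; both are rejected, because the server now expects the preimage of the captured value, which is exactly what preimage resistance denies them. Note that the exchange itself carries nothing that authenticates the server, which is the man-in-the-middle gap mentioned above.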