S/KEY

S/KEY is mostly used on public computers and offline devices where a user does not want to use a long-term password. It works by combining a user’s real password with a short character set to generate a one-time password. Since each password is used only once, this system makes password sniffing much less effective.
The overall security of S/KEY depends on the difficulty of reversing the cryptographic hash function. Let us assume that an intruder learns a password that would enable successful authentication. If the password is “a”, it may be useless for subsequent authentication, as it can only be used once. However, a password of “a1” can be useful in this scheme, as it would be used in the next authentication attempt.
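The scheme described above, as an added example that is not part of the original page: a minimal hash-chain one-time-password exchange in the style of S/KEY, showing that a sniffed password fails on replay and that the next password is the hash preimage of the last one. SHA-256 stands in for the hash function, and the names `otp`, `Server`, the seed and the passphrase are constructed for illustration.

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    # Assumption: SHA-256 as a stand-in hash, not the historical S/KEY hash.
    return hashlib.sha256(data).digest()


def otp(secret: str, seed: str, count: int) -> bytes:
    """Client side: hash seed+secret once, then `count` more times."""
    value = h((seed + secret).encode())
    for _ in range(count):
        value = h(value)
    return value


class Server:
    """Stores only the last accepted one-time password, never the secret."""

    def __init__(self, seed: str, initial: bytes, count: int):
        self.seed, self.stored, self.count = seed, initial, count

    def challenge(self):
        # The client must answer with the value one step earlier in the chain.
        return self.seed, self.count - 1

    def verify(self, candidate: bytes) -> bool:
        if self.count <= 0:
            return False  # chain exhausted, user must re-initialise
        if not hmac.compare_digest(h(candidate), self.stored):
            return False
        self.stored = candidate  # the accepted password becomes the new reference
        self.count -= 1
        return True


def demo():
    secret, seed, n = "constructed passphrase", "ke1234", 5  # constructed values
    server = Server(seed, otp(secret, seed, n), n)
    first = otp(secret, *server.challenge())
    accepted = server.verify(first)
    replayed = server.verify(first)       # sniffed password sent again
    nxt = otp(secret, *server.challenge())
    accepted_next = server.verify(nxt)
    # The next password hashes to the previous one, so predicting it
    # from a sniffed value means inverting the hash.
    return accepted, replayed, accepted_next, h(nxt) == first


if __name__ == "__main__":
    print(demo())
```
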
S/KEY is vulnerable to man-in-the-middle attacks and other exploits when used alone. These vulnerabilities can be reduced by using encrypted transport layers such as SSH (Secure Shell) and SSL (Secure Sockets Layer).