RFC 1938 (rfc1938) - Page 1 of 18


A One-Time Password System



Alternative Format: Original Text Document



Network Working Group                                          N. Haller
Request for Comments: 1938                                      Bellcore
Category: Standards Track                                        C. Metz
                                              Kaman Sciences Corporation
                                                                May 1996


                       A One-Time Password System

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

1.0 ABSTRACT

   This document describes a one-time password authentication system
   (OTP). The system provides authentication for system access (login)
   and other applications requiring authentication that is secure
   against passive attacks based on replaying captured reusable
   passwords. OTP evolved from the S/KEY (S/KEY is a trademark of
   Bellcore) One-Time Password System that was released by Bellcore and
   is described in references [3] and [5].

2.0 OVERVIEW

   One form of attack on networked computing systems is eavesdropping on
   network connections to obtain authentication information such as the
   login IDs and passwords of legitimate users. Once this information is
   captured, it can be used at a later time to gain access to the
   system. One-time password systems are designed to counter this type
   of attack, called a "replay attack" [4].

   The authentication system described in this document uses a secret
   pass-phrase to generate a sequence of one-time (single use)
   passwords.  With this system, the user's secret pass-phrase never
   needs to cross the network at any time such as during authentication
   or during pass-phrase changes. Thus, it is not vulnerable to replay
   attacks.  Added security is provided by the property that no secret
   information need be stored on any system, including the server being
   protected.

   The OTP system protects against external passive attacks against the
   authentication subsystem. It does not prevent a network eavesdropper
   from gaining access to private information and does not provide



Haller & Metz               Standards Track