Burt Kaliski

Top Stories by Burt Kaliski

The recent startling announcement that the SHA-1 hash function wasn’t as secure as believed raised interesting questions in the world of one-time password technology, since the newly proposed HOTP algorithm is based on SHA-1: Should the industry standardize around a single one-time password (OTP) algorithm? And what role should algorithm agility have in the future of one-time passwords? HOTP, the HMAC-based One-Time Password algorithm, was introduced by OATH, a consortium organized last year to promote OTP technology. HOTP is based on the HMAC-SHA-1 algorithm (HMAC itself stands for Hash-Based Message Authentication Code), which in turn is based on SHA-1. In HOTP, a one-time password is computed as a function of a token secret and a counter value:

one-time password = HMAC-SHA-1 (token secret, counter)

Although HOTP is new, HMAC-SHA-1 itself is fairly widely stand...