in reply to
OTP (S/Key) implementation using just numbers
A few comments:
- OTP may not be secure if you use small 'pads' or
less than 1000 chars). Weigh security against
userfriendliness. PGP can compensate for too small info.
- I don't think I have to mention that security is as
strong as the weakest link, but just to be sure.
- Chars are easy to convert to numbers, eg see CGIPack.
- Or if you have 8 chars in the 0-255 ASCII range, just use pack/unpack
once (quad integer, 64 bit platforms) or twice (long integer).
If you have an 8-digit integer, short is enough.
Hope this helps,
"We are not alone"(FZ)