in reply to OTP (S/Key) implementation using just numbers
A few comments:
- OTP may not be secure if you use small 'pads' or numbers (like less than 1000 chars). Weigh security against userfriendliness. PGP can compensate for too small info.
- I don't think I have to mention that security is as strong as the weakest link, but just to be sure.
- Chars are easy to convert to numbers, eg see CGIPack.
- Or if you have 8 chars in the 0-255 ASCII range, just use pack/unpack once (quad integer, 64 bit platforms) or twice (long integer). If you have an 8-digit integer, short is enough.
Hope this helps,
Jeroen
"We are not alone"(FZ)
|
---|
In Section
Seekers of Perl Wisdom