## ← 02-49 Hash Chain Solution

• 1 Follower
• 34 Lines

### Get Embed Code x Embed video Use the following code to embed this video. See our usage guide for more details on embedding. Paste this in your document somewhere (closest to the closing body tag is preferable): ```<script type="text/javascript" src='https://amara.org/embedder-iframe'></script> ``` Paste this inside your HTML body, where you want to include the widget: ```<div class="amara-embed" data-url="http://www.youtube.com/watch?v=yF6ch9fEQo8" data-team="udacity"></div> ``` 1 Language

Showing Revision 1 created 04/27/2012 by Amara Bot.

1. [Evans] The answer is Alice needs to send the value of hashing s 98 times.
2. The hash chain is going backwards.
3. We can only verify hashes in 1 direction.
4. The hash is hard to compute in 1 direction.
5. That's the valuable property the hash function gives us.
6. And so we have to go backwards if we want to use it for authentication.
7. Here we're using it to authenticate Alice.
8. If someone just knows x, if someone intercepts p, knows the previous password value,
9. they could compute any of these other values.
10. Those are easy to compute once you have p.
11. This was p, this one is just computing the hash of p,
12. and this one is computing the hash of the hash of p.
13. The only one that would be hard to compute is this one.
14. The server can check that that's correct using the same process.
15. At this point, the value of x is hash 99 of s.
16. So when the value of p that's sent is hash to the 98th power of s,
17. doing hash 98 times, then this equation will be true only if the value sent was correct.
18. So what I've described is what's known as the S/Key password system.
19. The way S/Key would work, the server would generate the hash chain.
20. Let's say there are 100 entries.
21. Alice would print these out in a list,
22. and they would be turned into strings that are easier to type than pure bit sequences.
23. The server would store the last entry in that hash chain and nothing else.
24. And so what's stored in the server could not be used to log in.
25. The list that Alice has could be used, and I should correct this
26. that if Alice starts with H 100 as the first thing in her list,
27. what the server should actually store would be H 101.
28. This has a pretty big downside--that it requires Alice to carry around with her