The recent startling announcement that the SHA-1 hash function wasn’t
as secure as believed raised interesting questions in the world of one-time
password technology, since the newly proposed HOTP algorithm is based on
SHA-1: Should the industry standardize around a single one-time password
(OTP) algorithm? And what role should algorithm agility have in the future of
one-time passwords?
HOTP, the HMAC-based One-Time Password algorithm, was introduced by OATH, a
consortium organized last year to promote OTP technology. HOTP is based on
the HMAC-SHA-1 algorithm (HMAC itself stands for Hash-Based Message
Authentication Code), which in turn is based on SHA-1. In HOTP, a one-time
password is computed as a function of a token secret and a counter value:
one-time password = HMAC-SHA-1(token secret, counter)

Although HOTP is new, HMAC-SHA-1 itself is fairly widely stand...
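As an added worked example (not code from the original article), the HOTP computation in Python: the HMAC-SHA-1 over the token secret and counter as described above, followed by the dynamic-truncation step that RFC 4226 applies to reduce the MAC to the short decimal code a user types, plus a verifier-side check with a look-ahead window. The hash function is left as a parameter, which goes beyond the article's SHA-1-only formula and illustrates the algorithm agility it asks about; the secret is the RFC 4226 test-vector secret.

```python
import hashlib
import hmac


def hotp(secret: bytes, counter: int, digits: int = 6, hash_name: str = "sha1") -> str:
    """Compute an HOTP value (RFC 4226 construction) for a secret and counter.

    hash_name is a parameter so the same construction can be evaluated with a
    different underlying hash; RFC 4226 itself fixes HMAC-SHA-1.
    """
    # The moving factor is the counter encoded as an 8-byte big-endian integer.
    msg = counter.to_bytes(8, "big")
    mac = hmac.new(secret, msg, hash_name).digest()
    # Dynamic truncation: the low 4 bits of the last MAC byte pick a 4-byte
    # window; the top bit of that window is masked off to avoid sign issues.
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_hotp(secret: bytes, counter: int, candidate: str, look_ahead: int = 10,
                digits: int = 6, hash_name: str = "sha1"):
    """Verifier-side check with a resynchronization window.

    Returns the counter value that matched (so the verifier can advance its
    stored counter past it) or None. The comparison uses compare_digest so
    that a wrong guess is not distinguishable by timing.
    """
    for c in range(counter, counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c, digits, hash_name), candidate):
            return c
    return None


# Constructed demo input: the ASCII secret used for the RFC 4226 test vectors.
RFC4226_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    for c in range(3):
        print(c, hotp(RFC4226_SECRET, c))
```

Because a matched code returns the counter that produced it, the verifier must store the advanced counter so the same code cannot be accepted twice.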