S/Key

S/KEY is a one-time password system developed for authentication to Unix-like operating systems, especially from dumb terminals or untrusted public computers on which one does not want to type a long-term password. A user's real password is combined in an offline device with a short set of characters and a decrementing counter to form a single-use password. Because each password is only used once, they are useless to password sniffers.

Because the short set of characters does not change until the counter reaches zero, it is possible to prepare a list of single-use passwords, in order, that can be carried by the user. Alternatively, the user can present the password, characters, and desired counter value to a local calculator to generate the appropriate one-time password that can then be transmitted over the network in the clear. The latter form is more common and practically amounts to challenge–response authentication.

S/KEY is supported in Linux (via pluggable authentication modules), OpenBSD, NetBSD, and FreeBSD, and a generic open-source implementation can be used to enable its use on other systems. OpenSSH also implement S/KEY since version OpenSSH 1.2.2 released on December 1, 1999. One common implementation is called OPIE. S/KEY is a trademark of Telcordia Technologies, formerly known as Bell Communications Research (Bellcore).

S/KEY is also sometimes referred to as Lamport's scheme, after its author, Leslie Lamport. It was developed by Neil Haller, Phil Karn and John Walden at Bellcore in the late 1980s. With the expiration of the basic patents on public-key cryptography and the widespread use of laptop computers running SSH and other cryptographic protocols that can secure an entire session, not just the password, S/KEY is falling into disuse.^{[citation needed]} Schemes that implement two-factor authentication, by comparison, are growing in use.