Talk:Hash Based Authentication

From Armagetron

H needn't to be a trap-door hash function (no trap-door is used in the protocol). I am not sure about the proper requirement, though.

In my book, a trapdoor function is one that is practically non-invertible, that means that no good way to find a X so that H(X)=Y for a given Y is known and that one hopes this stays that way. That property certainly is required, or the game server can determine the user's password or something that is as good as the password.

Z-Man 16:18, 7 March 2006 (CST)

What you are describing is a one-way function, see http://en.wikipedia.org/wiki/One-way_function

A trap door one-way function is a function that can only be inverted if some secret value (the trap door) is known (admittedly, the naming convention sucks, since a trap-door one-way function is not a one-way function), see also http://en.wikipedia.org/wiki/Trapdoor_one_way_function)

I didn't include the requirement because even though it is necessary, it is - I think - not sufficient for security.

Meriton 16:39, 7 March 2006 (CST)