[Evans] So here's the idea of how to do this.
We're going to start by selecting some secret,
and then we're going to compute the hash of that secret,
and then we're going to do that again.
We're going to compute the hash that we got for the first time as the input,
and we're going to keep computing hashes here.
This could be done anywhere. I've written it on the server side.
The important point at the end of this--
so what Alice gets is the hash of s, the hash of the hash of s,
the hash of the hash of the hash of s and so forth.
Of course, if she just has s, she could compute all of these herself.
The server only stores 1 thing.
The only thing the server stores is the last value in this hash chain.
So let's suppose we did this 100 times.
This is the value the server would store, and that's the only value stored by the server.
So now the protocol to log in will be Alice will send the 99th value in this hash chain.
So what the server will do is compute the hash of p,
check if it's equal to the stored value x.
If it is, it will allow Alice to log in
and will also update the value of x.
The new value of x will be the value Alice sent as p.
So that's how the first login works.
Now the question is, the next time Alice logs in, what does she need to send?
Here's the choices. Different number of times of doing the hash starting from the secret s.
