Evolving Password

When I first heard about quantum cryptography, I started thinking about an evolving authentication key, a door key that changes shape when it is used. Such a key cannot be copied and used without alerting the original key owner because the matching lock changes in sync. The actual mechanism used to evolve the key and the lock together is implementation specific.

An evolving password is an evolving authentication key in that the password changes each time it is used to log in successfully. Since a password is essentially a shared secret, evolution of the password involves another shared secret: the challenge. One way to implement an evolving password in a webapp is for the webapp to generate and send the challenge in the password form field.
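One possible shape for the key and lock described above, as an added sketch that is not from the original post: the HMAC-SHA256 derivation, the random per-login challenge and the names `Lock`, `Key` and `attempt` are all assumptions, since the post leaves the mechanism implementation specific. It shows that a copied key, once used, leaves the owner out of sync, so the owner's next failed login is the alert.

```python
import hashlib
import hmac
import secrets

# Assumed mechanism: response and next secret are both HMACs over the challenge.
def mac(key, label, challenge):
    return hmac.new(key, label + challenge, hashlib.sha256).digest()

class Lock:  # server side (hypothetical name)
    def __init__(self, secret):
        self.secret, self.challenge = secret, None

    def new_challenge(self):
        self.challenge = secrets.token_bytes(16)
        return self.challenge

    def login(self, response):
        if self.challenge is None:
            return False
        challenge, self.challenge = self.challenge, None  # single use
        ok = hmac.compare_digest(response, mac(self.secret, b"auth", challenge))
        if ok:  # the lock changes shape only on a successful login
            self.secret = mac(self.secret, b"evolve", challenge)
        return ok

class Key:  # client side (hypothetical name)
    def __init__(self, secret):
        self.secret = secret

    def respond(self, challenge):
        return mac(self.secret, b"auth", challenge)

    def evolve(self, challenge):
        self.secret = mac(self.secret, b"evolve", challenge)

def attempt(key, lock):
    challenge = lock.new_challenge()
    ok = lock.login(key.respond(challenge))
    if ok:
        key.evolve(challenge)  # key evolves in sync with the lock
    return ok

def clone_is_detected():
    seed = secrets.token_bytes(32)  # constructed sample secret
    lock, owner = Lock(seed), Key(seed)
    first = attempt(owner, lock)    # normal login: both evolve
    copy = Key(owner.secret)        # key copied at this state
    used = attempt(copy, lock)      # the copy is used once
    return first and used and not attempt(owner, lock)  # owner now fails
```

In this sketch the server holds the current secret itself, so the scheme only signals misuse after the fact; it does not protect the secret at rest.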

I've been thinking lately about combining the evolving password idea with Stanford Security Lab's web password hashing (PwdHash) idea. But I am not sure when and if I'll have time to build a prototype, so I am blogging it to relieve the stress of creativity. 🙂