I have a security number generator device, small enough to go on a key-ring, which has a six digit LCD display and a button. After I have entered my account name and password on an online form, I press the button on the security device and enter the security code number which is displayed.
I get a different number every time I press the button and the number generator has a serial number on the back which I had to input during the account set-up procedure.
I would like to incorporate similar functionality in my website. As far as I understand, these are the main components:
- Generate a unique N digit aplha-numeric sequence during registration and assign to user (permanently)
- Allow user to generate an N (or M?) digit aplha-numeric sequence remotely For now, I dont care about the hardware side, I am only interested in knowing how I may choose a suitable algorithm that will allow the user to generate an N (or M?) long aplha-numeric sequence - presumably, using his unique ID as a seed
- Identify the user from the number generated in step 2 (which decryption method is the most robust to do this?)
I have the following questions:
- Have I identified all the steps required in such an authentication system?, if not please point out what I have missed and why it is important
- What are the most robust encryption/decryption algorithms I can use for steps 1 through 3 (preferably using 64bits)?