1. The example describing S/Key stated that "for MD4 and MD5, dictionary attacks are not a threat provided the seeds are chosen randomly." Why? How realistic is this assumption?
2. Why should a time-based authentication system invalidate the current password on a successful authentication?