S/Key is a one-time password scheme based on a non-reversible cryptographic hash of a secret string. In English, this means that you think up a secret pass phrase, run it through a program, and a small bunch of bytes comes out the other end. S/key hashes up your pass phrase a certain *number* of times, and you supply these hashes as passwords in the reverse order from how they were generated. It is secure because each time your pass phrase is hashed "forward", some information inside it is is lost, making it much harder to go "backward". Since you know your secret phrase, only you can effectively go "backward" by starting with your known secret and going forward. Each hash is used as an authentication password once only; afterward, it is never valid again and thus useless to "sniffers".
Diagrammatically, it goes like this:
|| \/ .--------. | HASHER | /\ `--------' || || very hard to go in this \/ direction without the secret Key number 0 || \/ .--------. easy to compute sequence | HASHER | in this direction `--------' || || \/ \/ Key number 1 || \/ .--------. | HASHER | `--------' || \/ Key number 2 || \/ ... etc ...
To authenticate you, the system asks for the key PREVIOUS to the one it has stored, and hashes what you supply in the "forward" direction once. If the result matches the stored key, you are authenticated, and the system stores the key you just used for next time. The hashes are represented as strings of six words. challenge.