On very resource constrained devices, for example smart cards or transponders, implementation of a cryptographic authentication protocol is more than often not an option. Such resource constrained devices often use passwords for authentication. Passwords provide a reasonable security against brute force attacks, for instance guessing an n bit password takes on average 2^(n−1) attempts. The problem is in the transmission of the password. A password need only be overheard once and it loses all its security. Many techniques to protect the password during transmission already exist based on techniques such as encryption (for example used in ISO standard), hashing (for example used in UNIX systems), blinding (for example EPC password blinding). The problem with these techniques is that they either are not suitable for implementation on resource constrained devices or that they provide no meaningful improvement in security.