One problem with most versions of RFC 1938-based one-time password (OTP) systems is that they can often be used to determine whether or not a user has an account on a machine. The most trivial example is a system that provides a different prompt if the user has an entry in the OTP database. However, even for systems that always provide an OTP prompt, the prompt itself is rarely convincing and can be trivially identified as a fake. To address this problem, the OTP code in OpenBSD generates a consistent, credible challenge for non-existent users and for users without an entry in the OTP database. It does so by generating the prompt from the hostname and a hash of the username and the contents of a file generated from the kernel random pool. This file is usually created at install time and provides a constant source of random data. Thus, all three components of the challenge are constant, but only the hostname and username are known to the attacker.
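The scheme described above, sketched as an added example (this is not OpenBSD's code). The use of HMAC-SHA256 as the keyed hash, the sequence-number range, the seed layout, the constructed `HOST_SECRET` and all function names are assumptions made for illustration. A per-attempt random decoy is included to show why it fails the consistency requirement.

```python
import hashlib
import hmac
import re
import secrets

# Constructed stand-in for the install-time file filled from the kernel
# random pool (assumption: 32 bytes; a real file holds unpredictable data).
HOST_SECRET = bytes(range(32))

# Shape of an OTP challenge line: algorithm, sequence number, seed.
CHALLENGE_RE = re.compile(r"^otp-md5 [1-9]\d{0,2} [a-z0-9]{1,16}$")


def _host_prefix(hostname: str) -> str:
    """First label of the hostname, alphanumerics only, at most 4 chars."""
    label = hostname.split(".")[0].lower()
    return re.sub(r"[^a-z0-9]", "", label)[:4] or "host"


def fake_challenge(username: str, hostname: str,
                   secret: bytes = HOST_SECRET) -> str:
    """Decoy challenge for a user with no OTP entry (hypothetical helper).

    The keyed hash makes the result constant per (host, user) while
    staying unpredictable to anyone who cannot read the secret file.
    """
    digest = hmac.new(secret, username.encode(), hashlib.sha256).digest()
    seq = int.from_bytes(digest[:2], "big") % 99 + 1        # 1..99, illustrative
    suffix = int.from_bytes(digest[2:6], "big") % 100000    # five seed digits
    return f"otp-md5 {seq} {_host_prefix(hostname)}{suffix:05d}"


def naive_challenge(username: str, hostname: str) -> str:
    """Weak decoy: fresh random values on every login attempt."""
    seq = secrets.randbelow(99) + 1
    return f"otp-md5 {seq} {_host_prefix(hostname)}{secrets.randbelow(100000):05d}"


def is_stable(make, username: str, hostname: str, attempts: int = 5) -> bool:
    """True if repeated prompts for one username are all identical."""
    return len({make(username, hostname) for _ in range(attempts)}) == 1
```

A real account's challenge only changes after a successful login, so a decoy that changes between two failed attempts stands out; `is_stable` is the check a test suite can run against the login path for unknown usernames.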