Summary: This paper proposes a novel one-time password (OTP) mutual authentication scheme based on challenge/response mechanisms. In the scheme, random sub-passwords and corresponding hashes are shared between a user and a server, respectively. By performing modular algebraic operations on two or more randomly chosen sub-passwords, relatively independent OTPs can be produced in the scheme. The used sub-passwords are renewed according to random permutation functions. With tens of random sub-passwords, we can get enough OTPs that can meet the practical needs. The stores and calculations can be implemented with a microcomputer in the user’s terminal. At the same time, the scheme can provide sufficient security in ordinary applications.