diff --git a/src/authentic2/crypto.py b/src/authentic2/crypto.py
index 27f291c05..b32ab60a3 100644
--- a/src/authentic2/crypto.py
+++ b/src/authentic2/crypto.py
@@ -24,6 +24,7 @@ from Cryptodome import Random
 from Cryptodome.Cipher import AES
 from Cryptodome.Hash import HMAC, SHA256
 from Cryptodome.Protocol.KDF import PBKDF2
+from django.conf import settings
 from django.utils.crypto import constant_time_compare
 from django.utils.encoding import force_bytes
 
@@ -206,3 +207,17 @@ def check_hmac_url(key, url, signature):
     if hasattr(signature, 'decode'):
         signature = signature.decode()
     return constant_time_compare(signature, hmac_url(key, url).encode('ascii'))
+
+
+def hash_chain(n, seed=None, encoded_seed=None):
+    '''Generate a chain of hashes'''
+    if encoded_seed:
+        seed = base64url_decode(encoded_seed.encode())
+    if hasattr(seed, 'encode'):
+        seed = seed.encode()
+    if seed is None:
+        seed = Random.get_random_bytes(16)
+    chain = [seed]
+    for dummy in range(n - 1):
+        chain.append(hashlib.sha256(chain[-1] + settings.SECRET_KEY.encode()).digest())
+    return [base64url_encode(x).decode('ascii') for x in chain]