| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <kju14lux4l.fsf@romeo.rtfm.com> From: ekr at rtfm.com (Eric Rescorla) Subject: One-Time Pad Authentication "Jonathan A. Zdziarski" <jonathan@...learelephant.com> writes: > Before I write this thing, I wanted to check and see if anyone on the > list knows if such a tool already exists in the open-source community. > I've done some google and freshmeat searches but didn't find anything > that seemed to fit the bill. The closest thing I found was E-Pad which > seems to be more related to file encryption than authentication. > > I'm interested in coding a one-time pad authentication system; similar > to SecurID or other types of token authentication only with software > tokens. The administrator would generate the one-time pads for each > user and distribute them using whatever secure method gets coded (PGP, > SSH, or whatever). > > The user then has a software token on their machine with the token code > that changes either every use, or uses some type of challenge/response > system, blah blah blah. This token is used to log into systems, > etcetera. > > I'd be interested in knowing if such an open-source tool exists, and if > not who would be interested in working on it with me (email me privately > if interested). Yes, this exists. What you're describing was originally known a S/Key and was standardized by the IETF under the name of "One-time Password" (OTP) See http://www.ietf.org/rfc/rfc2289.txt S/Key and OTP calculators, PAM modules, etc. are fairly widely available. -Ekr
Powered by blists - more mailing lists