OPIE Authentication System And OPTW

OPIE is the initialism of "One time Passwords In Everything". Opie is a mature, Unix-like login and password package installed on the server and the client which makes untrusted networks safer against password-sniffing packet-analysis software like dSniff and safe against Shoulder surfing. It works by circumventing the delayed attack method because the same password is never used twice after installing Opie. OPIE implements a one-time password (OTP) scheme based on S/key, which will require a secret passphrase (not echoed) to generate a password for the current session, or a list of passwords you can print and carry on your person.

OPIE uses an MD4 or MD5 hash function to generate passwords.

OPIE can restrict its logins based on IP address. It uses its own passwd and login modules.

If the Enter key ↵ Enter is pressed at the password prompt, it will turn echo on, so what is being typed can be seen when entering an unfamiliar password from a printout.

OPIE will improve security when accessing online banking at conferences, hotels and airports. Some countries require banks to implement OTP.

OPIE shipped with DragonFly BSD, FreeBSD and OpenSUSE. It is available as optional package in Debian. It can be installed on a Unix-like server and clients for improved security.

The commands are
opiepasswd
opiekey

------------------------------------------------------------------------------------------------------------

OPTW的官网是http://www.cl.cam.ac.uk/~mgk25/otpw.html

 

OTPW is a one-time password system developed for authentication in Unix-like operating systems by Markus Kuhn. A user's real password is not directly transmitted across the network. Rather, the real password is combined with a short set of characters (constant secret) and a set of one-time tokens to form a single-use password. As the single-use password is only used once, passwords intercepted by a password sniffer or key logger are not useful to an attacker.

OTPW is supported in Unix and Linux (via Pluggable authentication modules), OpenBSD, NetBSD, and FreeBSD, and a generic open source implementation can be used to enable its use on other systems.

OTPW, like the other one-time password systems, is sensitive to a man in the middle attack if used by itself. This could for example be solved by putting SSL, SPKM or similar security protocol "under it" which authenticates the server and gives point-to-point security between the client and server.

 

Design and differences from other implementations

Unlike S/KEY, OTPW is not based on the Lamport's scheme in which every one-time password is the one-way hash value of its successor. Password lists based on the Lamport's scheme have the problem that if the attacker can see one of the last passwords on the list, then all previous passwords can be calculated from it. We also do not store the encrypted passwords as suggested by Aviel D. Rubin in Independent One-Time Passwords, in order to keep the host free of files with secrets. Both proposals aimed to save memory in the host system.
[edit]
Storing passwords

In OTPW one-way hash value of every single password is stored in a potentially widely readable file in the user’s home directory. For instance, hash values of 300 passwords (a typical A4 page) require only a four kilobyte long .otpw file, a typically negligible amount of storage space.
[edit]
Generating passwords

The passwords are carefully generated random numbers. The random number generator is based on the RIPEMD-160 secure hash function. The random number generator is seeded by hashing together the output of various shell commands. These provide unpredictability in the form of a system random number seed, access times of important system files, usage history of the host, and more. The random state is the 160-bit output of the hash function. The random state is iterated after each use by concatenating the old state with the current high-resolution timer output and hashing the result again. The first 72 bits of the hash output are encoded with a modified base64 scheme to produce readable passwords, while the remaining 88 bits represent the undisclosed internal state of the random number generator.
[edit]
Form of a password

In many fonts, the characters 0 and O or 1 and l and I are difficult to distinguish, therefore the modified base64 encoding replaces the three characters 01l by corresponding :, = and %. If for instance a zero is confused with a capital O by the user, the password verification routine will automatically correct for this.

S/KEY uses sequences of short English words as passwords. OTPW uses by default a base64 encoding instead, because that allows more passwords to be printed on a single page, with the same password entropy. In addition, an average human spy needs over 30 seconds to write a 12-character random string into short-term memory, which provides a good protection against brief looks that an attacker might have on a password list. Lists of short words on the other hand are much faster to memorize. OTPW can handle arbitrary password generation algorithms, as long as the length of the password is fixed. In the current version, the otpw-gen can generate both base-64 encoded (option -p) and 4-letter-word encoded (option -p1) passwords with a user-specified entropy (option -e).
[edit]
The prefix password

The prefix password ensures that neither stealing the password list nor eavesdropping the line alone can provide unauthorized access. Admittedly, the security obtained by OTPW is not comparable with that of a challenge-response system in which the user has a PIN protected special calculator that generates the response. On the other hand, a piece of paper is much more portable, much more robust, and much cheaper than a special calculator. OTPW was designed for the large user base, for which an extra battery-powered device is inconvenient or not cost effective and who therefore still use normal Unix passwords everywhere.
[edit]
Passwords locking

In contrast to the suggestion made in RFC 1938 , OTPW does not lock more than one one-time password at a time. If we did this, an attacker could easily exhaust our list of unlocked passwords and force us to either not login at all or use the normal Unix login password. Therefore, OTPW locks only one single password and for all further logins a triple-challenge is issued. If more than 100 unused passwords remain available, then there are over a million different challenges and an attacker has very little chance to perform a successful race attack while the authorized user finishes password entry.