OPIE Challenge sequence

Ivan Grover ivangrvr299 at gmail.com
Wed Jul 9 06:55:43 UTC 2008


On Tue, Jul 8, 2008 at 9:07 PM, Dag-Erling Smørgrav <des at des.no> wrote:

> "Ivan Grover" <ivangrvr299 at gmail.com> writes:
> > Thank you so much for your responses. By "predetermined", I meant the
> > challenges appear sequentially in decremented fashion, so are we aware of
> > any security hole with this.
>
> There is no way to deduce the next challenge from the current one.  This
> is documented in the opie(4) man page.

Just to clarify, I think you are trying to say the next response from the
current one, since the challenges are generated something like otp-md5 60
lo0245 ext, otp-md5 59 lo0245 ext, otp-md5 58 lo0245 ext, ... and so on.


>
> Here's the only advisory I could find for OPIE:
>
> http://security.freebsd.org/advisories/FreeBSD-SA-06:12.opie.asc
>
> > I ask this because usually the challenge/response implementations
> > consider generating random challenges (I think here they have a
> > weakness where the passphrase needs to be in clear text).
>
> OPIE cannot use random challenges, because one of the requirements is
> that it should be possible to print a list of pre-generated responses.
>
> The advantage of OPIE over traditional passwords is that OPIE is not
> vulnerable to replay attacks, but this is not as relevant these days as
> it was back when S/Key (on which OPIE is based) was designed.  Replay
> attacks aren't very effective against encrypted protocols such as SSH.
>
> > My problem is to determine the best challenge/response implementation
> > for authenticating the clients.
>
> Systems like OPIE, where the challenge is actually issued to the user
> and not just to the user's software, require the user to have access to
> a response calculator, or to carry a sheet of precalculated responses.
> The former is difficult unless the users always log in from their own
> desktop or laptop computer, and the latter is usually a bad idea since
> someone might steal the sheet.  On the bright side, it should be fairly
> easy to write an OTP calculator that runs on a cell phone, such as an
> S60-based Nokia phone or an iPhone.
>
> I'd say that the only advantage of OPIE today is that it's free.
>
> DES
> --
> Dag-Erling Smørgrav - des at des.no
>
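An added example, not code from this thread or from the OPIE project, showing the hash chain behind the decrementing challenges Ivan lists (otp-md5 60, 59, 58 ...) and the replay resistance DES describes: the otp-md5 chain of RFC 2289, using the seed lo0245 from the thread and a constructed passphrase. The server keeps only the previously accepted response and checks a new one by hashing it once more, so a captured response only leads forward along the chain (to the response already used), and replaying it is rejected.

```python
import hashlib

SEED = "lo0245"  # seed as it appears in the challenge strings quoted above


def fold64(digest: bytes) -> bytes:
    """Fold a 16-byte MD5 digest to 8 bytes by XORing its halves (RFC 2289 otp-md5)."""
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))


def step(key: bytes) -> bytes:
    """One link of the chain: response for sequence n -> response for sequence n+1."""
    return fold64(hashlib.md5(key).digest())


def otp_md5(seed: str, passphrase: str, n: int) -> bytes:
    """Response to the challenge 'otp-md5 <n> <seed>': the initial key hashed n times."""
    key = fold64(hashlib.md5((seed.lower() + passphrase).encode()).digest())
    for _ in range(n):
        key = step(key)
    return key


class OpieServer:
    """Minimal verifier: stores only the last accepted response, never the passphrase."""

    def __init__(self, seed: str, passphrase: str, seq: int) -> None:
        self.seed, self.seq = seed, seq          # seq = sequence number of the next challenge
        self.stored = otp_md5(seed, passphrase, seq + 1)

    def challenge(self) -> str:
        return f"otp-md5 {self.seq} {self.seed} ext"

    def verify(self, response: bytes) -> bool:
        # Hashing the submitted response once must reproduce the stored one.
        if self.seq < 0 or step(response) != self.stored:
            return False
        self.stored, self.seq = response, self.seq - 1   # chain moves down by one
        return True


if __name__ == "__main__":
    passphrase = "correct horse battery"   # constructed demo secret, never sent over the wire
    srv = OpieServer(SEED, passphrase, 60)
    print(srv.challenge())                                   # otp-md5 60 lo0245 ext
    r60 = otp_md5(SEED, passphrase, 60)
    print("login:", srv.verify(r60), "replay:", srv.verify(r60))
    print(srv.challenge())                                   # otp-md5 59 lo0245 ext
    r59 = otp_md5(SEED, passphrase, 59)
    print("r59 hashes to r60:", step(r59) == r60, "hex:", r59.hex())
```

Going from r59 to r60 is one MD5 call; going the other way needs a preimage of the folded hash, which is the property DES refers to.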


More information about the freebsd-security mailing list