OPIE Challenge sequence
Ivan Grover
ivangrvr299 at gmail.com
Wed Jul 9 08:18:38 UTC 2008
Thanks all for your valuable response.
Regards,
Ivan
On Wed, Jul 9, 2008 at 12:57 AM, Jason Stone <freebsd-security at dfmm.org>
wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> On the bright side, it should be fairly easy to write an OTP calculator
>> that run on a cell phone
>>
>
> These already exist for J2ME-enabled mobiles (which is most of them?):
>
> http://tanso.net/j2me-otp/
> http://otp-j2me.sourceforge.net/
>
>
> Systems like OPIE, where the challenge is actually issued to the user
>> and not just to the user's software, require the user to have access to
>> a response calculator, or to carry a sheet of precalculated responses.
>>
>
> There exist apps (i.e., browsers, FTP clients, mailers, etc) that integrate
> OPIE and can transparently respond to challenges. The user just puts in his
> password, and he doesn't worry about plaintext or OPIE or whatever; the app
> just does the right thing. Fetch, an FTP client for the Mac, is one such
> app.
>
> One could argue that this encourages users to just punch in their password
> and not understand if it's going to go over the wire in the clear or be used
> to answer a challenge, but it's very useful when you have users who are
> incapable of making such distinction in the first place and you just need to
> make sure their password is secure for _your_ service.
>
>
> -Jason
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (FreeBSD)
> Comment: See https://private.idealab.com/public/jason/jason.gpg
>
> iD8DBQFIc7+YswXMWWtptckRAoaAAJkBnis9pNHnwuXCc6zjqESrDh8zGwCfTYWC
> 41JZRoD12LhIpG3QK7cfhMU=
> =w11K
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org
> "
>
More information about the freebsd-security
mailing list