OPIE Challenge sequence

Peter Jeremy peterjeremy at optushome.com.au
Wed Jul 9 19:54:28 UTC 2008


On 2008-Jul-08 15:46:37 +0530, Ivan Grover <ivangrvr299 at gmail.com> wrote:
>I am trying to choose OPIE as my OTP implementation for authenticating the
>clients. I have the following queries, could anyone please let me know these
>-- why is the challenge in OPIE in a predetermined form?
>Is it for determining the decryption key for the encrypted passphrase (stored
>in opiekeys)?

The passphrase is not encrypted - it is hashed and cannot be "decrypted".
Basically, the passphrase and seed are concatenated and the result is
hashed (using MD5) the number of times specified by the iteration count
and the seed, count and final hash are stored in /etc/opiekeys.

The supplied response is easily verified because when you run it through
MD5, you should get the hash in /etc/opiekeys.  You then replace that
hash with the one the user supplied.

>-- is it possible to generate random challenges using opiechallenge

No.  The seed has to match the seed that was used to generate the
hash with opiepasswd.

-- 
Peter Jeremy
Please excuse any delays as the result of my ISP's inability to implement
an MTA that is either RFC2821-compliant or matches their claimed behaviour.
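
The hash-chain scheme described in the reply above, as an added example that is not part of the original message and is not OPIE's own code. The function names, the dict standing in for an /etc/opiekeys entry, and the sample passphrase and seed are assumptions; the concatenation order and 64-bit fold are modelled on RFC 2289, and the output has not been checked against OPIE itself.

```python
import hashlib
import hmac

def step(data: bytes) -> bytes:
    """One MD5 application, folded to 64 bits by XORing the digest halves."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def chain(passphrase: str, seed: str, count: int) -> bytes:
    """Hash seed+passphrase once, then apply step() `count` more times."""
    value = step((seed.lower() + passphrase).encode())
    for _ in range(count):
        value = step(value)
    return value

def enroll(passphrase: str, seed: str, count: int) -> dict:
    """Model of the stored entry: seed, count and final hash only."""
    return {"seed": seed, "count": count, "hash": chain(passphrase, seed, count)}

def challenge(entry: dict):
    """The challenge is read back from the stored entry; none of it is random."""
    return entry["count"] - 1, entry["seed"]

def verify(entry: dict, response: bytes) -> bool:
    """Hash the response once; on a match it replaces the stored hash."""
    if entry["count"] < 1:
        return False  # chain used up, the entry must be re-initialised
    if not hmac.compare_digest(step(response), entry["hash"]):
        return False
    entry["hash"] = response
    entry["count"] -= 1
    return True

def demo():
    # Constructed sample values, not taken from the thread.
    entry = enroll("correct horse battery", "ab1234", 5)
    n, seed = challenge(entry)
    good = chain("correct horse battery", seed, n)
    wrong_seed = chain("correct horse battery", "zz9999", n)
    return (verify(entry, wrong_seed),  # different seed: different chain
            verify(entry, good),        # correct response is accepted
            verify(entry, good),        # replay fails, stored hash moved on
            challenge(entry))           # next challenge counts down

if __name__ == "__main__":
    print(demo())
```

The rejected `wrong_seed` response shows why the challenge cannot be randomised: the server holds only the end of one chain and can check a response only against that chain.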