One-time password implementation.

Tomasz bla Fortuna bla at thera.be
Mon Dec 7 19:37:37 UTC 2009


Hello,
  I've read the thread that took place on this list in February
(http://lists.freebsd.org/pipermail/freebsd-security/2009-February/005132.html)
which tries to find a new solution for OTP authentication, as the current
implementation of OPIE is kind of outdated.

I'm currently implementing a PAM module using the GRC Perfect Paper
Passwords algorithm (with small optional changes). It's far from a
perfect/stable release, yet all its main features work (printing
passcards, generating keys, switching flags, labelling passcards, PAM
authentication and parts of out-of-bound passcode transmission).

The project is hosted here:
http://savannah.nongnu.org/projects/otpasswd/

It tries to fix all pitfalls of another existing implementation, namely
ppp-pam (http://code.google.com/p/ppp-pam/) which at first I just
wanted to fix and use.

Things that require fixing are test cases (there are too few),
splitting into a library+utility+pam_module and most probably a little
redesign to allow user keys to be stored in /etc instead of their homes,
which will require a SUID utility.

I'm curious about your thoughts, if there's any interest and if so - what
should be done (and how you can help, of course. :P).

Licensing issue:
It's currently developed under GPL3+, but as I'm currently the only
code-author I wouldn't hesitate much to relicense it under BSD if it
would make anyone happy (also note that it uses GMP[lgpl3+] as a bignum
library, PAM and OpenSSL).

System issue:
I'm currently testing it on Linux, so after the program gets a bit
stable I would have to finally try it on FreeBSD. Most probably some
other interested person can review it and port it. I'll be glad to have it
working under fbsd so I'll most probably do it myself sometime.

Cheers,
-- 
Tomasz bla Fortuna
jid: bla(at)af.gliwice.pl
pgp: 0x90746E79 @ pgp.mit.edu a6c0*8884
www: http://bla.thera.be

