Date: Tue, 17 Feb 2009 11:20:21 +0100
From: Alexander Leidinger <Alexander@Leidinger.net>
To: Benjamin Lutz <mail@maxlor.com>
Cc: freebsd-security@freebsd.org
Subject: Re: OPIE considered insecure
Message-ID: <20090217112021.140370oxweabeacc@webmail.leidinger.net>
In-Reply-To: <200902121113.58828.mail@maxlor.com>
References: <200902090957.27318.mail@maxlor.com> <200902111821.53437.mail@maxlor.com> <20090212104119.45583e6fcp63gcmc@webmail.leidinger.net> <200902121113.58828.mail@maxlor.com>

Quoting Benjamin Lutz <mail@maxlor.com> (from Thu, 12 Feb 2009 11:13:58 +0100):

> Hi Alexander,

Sorry for the delay, an illness is making its rounds here and I got hit too...

> On Thursday 12 February 2009 10:41:19 Alexander Leidinger wrote:
>> - Implement something which is similar to freeauth.org, just better
>> implemented and without the "not so good" stuff / design decisions.
>>
>> Short: they need something you know (PIN) + something you have (e.g.
>> token, or mobile phone with java with some fixed key). You then enter
>> your arbitrary long PIN into the phone, and it will give you a time
>> limited key to login (so the time needs to be in sync to some extent).
>> On the machine you login you need the cleartext version of your PIN,
>> the fixed key, and ideally it saves the PW you just used to login
>> to prevent a relogin with the same PW. If you've seen the remote login
>> tokens from RSA or similar, then you should get the idea what this is
>> about.
>
> I've stumbled across freeauth.org while researching the subject. The reason
> I didn't consider it is because so far I've been just printing out my otps,
> and that's no longer possible with freeauth.org. And there are situations
> where I can't run a Java program on my phone, for example when I'm using
> the phone as a bluetooth modem.

Nothing prevents you from writing a program in C, perl, or whatever. This
way you can generate the PW on the system where you use the Bluetooth
modem (in case it is trusted).

> I'm not saying that time-based pws wouldn't be nice to have, it just goes in
> a different direction than OPIE, so it's not what I'm looking for at the
> moment. Also, the thought of having to write programs in J2ME again
> horrifies me :)
>
>> I wrote down a while ago the algorithm somewhere (based upon my own
>> thoughts how to do it, this was before I've seen freeauth, so it's
>> independent), and also thought about the bells and whistles (some
>> security pitfalls you need to think about). If you are interested in
>> implementing this (ideally with a BSD license for inclusion into the
>> base system)
>
> While I most probably won't implement freeauth.org, I'd still like to see
> your notes; the security pitfalls you considered are likely there for other
> algorithms too.

The notes are in the direction of notifying the user if the PIN can
hit non-volatile storage, or that the storage area of the PIN needs to
be zeroed in place after use to prevent it from appearing in (provoked)
crash dumps or just plain reading from memory. There are also notes about
the valid character set (there should be no NUL byte or newline, but
apart from that there should not be many restrictions (depends upon
the device you use to enter the PIN)), that the device which prints
out the PW should also have an indication for the lifetime of the PW,
that the server should save the valid PWs of the current valid
timeframe to prevent multiple logins with the same PW (also serves as
an indicator that someone spied out the PW in case you enter the PW
correctly and the timeframe is OK too).

The algorithm itself is not 100% finished yet. The generic part is
done, but I haven't finished the details (important here is the format
of the date which is passed to the hash function, which hash function
to use, how long the PW can be (truncation of the hash and the
corresponding security implications... also in the light of user
convenience)). If someone really wants to put some amount of time/work
into this, I can put it up on the FreeBSD wiki and hand out
contributor access to it, but just to satisfy the curiosity of people,
I'm not interested in investing the necessary time to polish it and put
it up on the wiki.

Bye,
Alexander.

-- 
A sect or party is an elegant incognito devised to save a man from the
vexation of thinking.
		-- Ralph Waldo Emerson, Journals, 1831

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137
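
The server-side check outlined in the notes above (PW derived from PIN, fixed key and time; PWs already used in the valid timeframe are remembered; PIN buffer zeroed after use), as an added example that is not part of the original message and not Alexander's algorithm. HMAC-SHA256, the 30-second timeframe, the 8-hex-digit truncation and all names (`derive_pw`, `wipe`, `Verifier`) are assumptions, since the message leaves the hash function, date format and PW length open.

```python
import hashlib
import hmac

WINDOW = 30   # assumption: seconds per timeframe
SKEW = 1      # assumption: timeframes of clock drift accepted either way
PW_LEN = 8    # assumption: hex digits kept when truncating the hash


def derive_pw(pin: bytearray, key: bytes, frame: int) -> str:
    """PW for one timeframe: truncated HMAC-SHA256 over frame number and PIN."""
    if not pin or 0 in pin or 10 in pin:   # no NUL byte or newline in the PIN
        raise ValueError("PIN must be non-empty, without NUL or newline")
    mac = hmac.new(key, frame.to_bytes(8, "big"), hashlib.sha256)
    mac.update(pin)                         # fed directly, no extra PIN copy
    return mac.hexdigest()[:PW_LEN]


def wipe(buf: bytearray) -> None:
    """Zero the PIN buffer in place after use (best effort in Python)."""
    for i in range(len(buf)):
        buf[i] = 0


class Verifier:
    def __init__(self, pin: bytes, key: bytes):
        self.pin, self.key = bytearray(pin), key
        self.used = {}   # frame -> PWs already accepted in that timeframe

    def login(self, pw: str, now: float) -> str:
        """Return 'ok', 'replay' (valid PW seen before) or 'bad'."""
        frame = int(now // WINDOW)
        for old in [f for f in self.used if f < frame - SKEW]:
            del self.used[old]              # timeframe expired, forget its PWs
        for f in range(frame - SKEW, frame + SKEW + 1):
            good = derive_pw(self.pin, self.key, f)
            if hmac.compare_digest(good.encode(), pw.encode()):
                if pw in self.used.get(f, ()):
                    return "replay"         # correct PW, correct time, reused
                self.used.setdefault(f, set()).add(pw)
                return "ok"
        return "bad"
```

A `replay` result is the case the message calls an indicator that someone spied out the PW, so a caller would log it rather than treat it as an ordinary failed login.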