From owner-freebsd-security@FreeBSD.ORG Tue Jul 8 15:37:28 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 393771065675 for ; Tue, 8 Jul 2008 15:37:28 +0000 (UTC) (envelope-from des@des.no) Received: from tim.des.no (tim.des.no [194.63.250.121]) by mx1.freebsd.org (Postfix) with ESMTP id E7A0A8FC17 for ; Tue, 8 Jul 2008 15:37:27 +0000 (UTC) (envelope-from des@des.no) Received: from ds4.des.no (des.no [84.49.246.2]) by smtp.des.no (Postfix) with ESMTP id A56E02083; Tue, 8 Jul 2008 17:37:26 +0200 (CEST) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: "Ivan Grover" References: <670f29e20807080316s6cf57612jf5135bfd340e3328@mail.gmail.com> <20080708113030.GN62764@server.vk2pj.dyndns.org> <670f29e20807080641wb6f76cctfacfbb2af2f4f7e9@mail.gmail.com> Date: Tue, 08 Jul 2008 17:37:26 +0200 In-Reply-To: <670f29e20807080641wb6f76cctfacfbb2af2f4f7e9@mail.gmail.com> (Ivan Grover's message of "Tue\, 8 Jul 2008 19\:11\:35 +0530") Message-ID: <8663rg5qvd.fsf@ds4.des.no> User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/23.0.60 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org Subject: Re: OPIE Challenge sequence X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jul 2008 15:37:28 -0000 "Ivan Grover" writes: > Thank you so much for your responses. By "predetermined ", i meant the > challenges appear sequentially in decremented fashion, so are we aware of > any security hole with this. There is no way to deduce the next challenge from the current one. This is documented in the opie(4) man page. Here's the only advisory I could find for OPIE: http://security.freebsd.org/advisories/FreeBSD-SA-06:12.opie.asc > I ask this because usually the challenge/response implementations > consider generating random challenges( i think here they have a > weakness where the passphrase need to be in clear text). OPIE cannot use random challenges, because one of the requirements is that it should be possible to print a list of pre-generated responses. The advantage of OPIE over traditional passwords is that OPIE is not vulnerable to replay attacks, but this is not as relevant these days as it was back when S/Key (on which OPIE is based) was designed. Replay attacks aren't very effective against encrypted protocols such as SSH. > My problem is to determine the best challenge/response implementation > for authenticating the clients. Systems like OPIE, where the challenge is actually issued to the user and not just to the user's software, require the user to have access to a response calculator, or to carry a sheet of precalculated responses. The former is difficult unless the users always log in from their own desktop or laptop computer, and the latter is usually a bad idea since someone might steel the sheet. On the bright side, it should be fairly easy to write an OTP calculator that run on a cell phone, such as an S60-based Nokia phones or an iPhone. I'd say that the only advantage of OPIE today is that it's free. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no