Date: Tue, 8 Jul 2008 21:30:30 +1000
From: Peter Jeremy <peterjeremy@optushome.com.au>
To: Ivan Grover <ivangrvr299@gmail.com>
Cc: freebsd-security@FreeBSD.org
Subject: Re: OPIE Challenge sequence
Message-ID: <20080708113030.GN62764@server.vk2pj.dyndns.org>
In-Reply-To: <670f29e20807080316s6cf57612jf5135bfd340e3328@mail.gmail.com>
References: <670f29e20807080316s6cf57612jf5135bfd340e3328@mail.gmail.com>

On 2008-Jul-08 15:46:37 +0530, Ivan Grover <ivangrvr299@gmail.com> wrote:
>I am trying to choose OPIE as my OTP implementation for authenticating the
>clients. I have the following queries, could anyone please let me know these
>-- why does the challenge in OPIE are in predetermined form..
>is it for determining the decryption key for the encrypted passphrase (stored
>in opiekeys).

The passphrase is not encrypted - it is hashed and cannot be "decrypted".
Basically, the passphrase and seed are concatenated and the result is
hashed (using MD5) the number of times specified by the iteration count
and the seed, count and final hash are stored in /etc/opiekeys. The
supplied response is easily verified because when you run it thru MD5,
you should get the hash in /etc/opiekeys. You then replace that hash
with the one the user supplied.

>-- is it possible to generate random challenges using opiechallenge

No. The seed has to match the seed that was used to generate the hash
with opiepasswd.

--
Peter Jeremy
Please excuse any delays as the result of my ISP's inability to implement
an MTA that is either RFC2821-compliant or matches their claimed behaviour.
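
The scheme described in the message above, as an added example that is not part of the original e-mail and is not OPIE's own code: a small Python model of the hash chain showing why the challenge (count and seed) is fixed by the stored state, and why a replayed or wrong-seed response fails. Assumptions: the Record class, the sample passphrase and seeds are constructed, and the seed-then-passphrase order and 64-bit MD5 fold follow the general RFC 2289 shape without being checked against OPIE output.

```python
import hashlib
import hmac

def fold_md5(data: bytes) -> bytes:
    """MD5 folded to 64 bits by XORing the two digest halves (assumed RFC 2289 style)."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp(passphrase: str, seed: str, count: int) -> bytes:
    """Client side: response for the challenge (count, seed)."""
    value = fold_md5((seed.lower() + passphrase).encode())  # initial step
    for _ in range(count):
        value = fold_md5(value)
    return value

class Record:
    """Hypothetical stand-in for one user's entry in /etc/opiekeys."""
    def __init__(self, passphrase: str, seed: str, count: int):
        # Only seed, count and final hash are kept, never the passphrase.
        self.seed, self.count = seed, count
        self.stored = otp(passphrase, seed, count)

    def challenge(self) -> tuple[int, str]:
        # Determined by stored state: next lower count, same seed.
        return self.count - 1, self.seed

    def verify(self, response: bytes) -> bool:
        if self.count < 1:
            return False  # chain used up; the user must re-initialise
        # One more hash of the response must give the stored hash.
        if not hmac.compare_digest(fold_md5(response), self.stored):
            return False
        # Accept, then replace the stored hash with the supplied response.
        self.stored, self.count = response, self.count - 1
        return True

def demo() -> dict:
    rec = Record("constructed passphrase", "ab1234", 10)  # constructed values
    n, seed = rec.challenge()
    good = otp("constructed passphrase", seed, n)
    return {
        "wrong_seed": rec.verify(otp("constructed passphrase", "zz9999", n)),
        "first_use": rec.verify(good),
        "replay": rec.verify(good),
        "next_challenge": rec.challenge(),
    }

if __name__ == "__main__":
    print(demo())
```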