From owner-freebsd-security@FreeBSD.ORG  Tue Jul  8 11:41:52 2008
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 795E1106566C
	for <freebsd-security@freebsd.org>;
	Tue,  8 Jul 2008 11:41:52 +0000 (UTC) (envelope-from des@des.no)
Received: from tim.des.no (tim.des.no [194.63.250.121])
	by mx1.freebsd.org (Postfix) with ESMTP id 3B43A8FC2B
	for <freebsd-security@freebsd.org>;
	Tue,  8 Jul 2008 11:41:52 +0000 (UTC) (envelope-from des@des.no)
Received: from ds4.des.no (des.no [84.49.246.2])
	by smtp.des.no (Postfix) with ESMTP id 567172083;
	Tue,  8 Jul 2008 13:22:50 +0200 (CEST)
From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To: "Ivan Grover" <ivangrvr299@gmail.com>
References: <670f29e20807080316s6cf57612jf5135bfd340e3328@mail.gmail.com>
Date: Tue, 08 Jul 2008 13:22:49 +0200
In-Reply-To: <670f29e20807080316s6cf57612jf5135bfd340e3328@mail.gmail.com>
	(Ivan Grover's message of "Tue\, 8 Jul 2008 15\:46\:37 +0530")
Message-ID: <86abgs7h86.fsf@ds4.des.no>
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/23.0.60 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Cc: freebsd-security@freebsd.org
Subject: Re: OPIE Challenge sequence
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Jul 2008 11:41:52 -0000

"Ivan Grover" <ivangrvr299@gmail.com> writes:
> Iam trying to choose OPIE as my OTP implementation for authenticating the
> clients. I have the following queries, could anyone please let me know th=
ese
> -- why does the challenge in OPIE are in predetermined form..
> is it for determining the decryption key for the encrypted passphrase(sto=
red
> in opiekeys).

There is no encryption involved; OPIE is based on a one-way hash
function (usually MD5).

I'm not sure what you mean by "predetermined form", but one of the
features of OPIE is that you should be able to use it even when you
don't have a key calculator, by pre-generating and printing a list of
responses.

> -- is it possible to generate random challenges using opiechallenge

No.  There is a random seed, but it remains the same until you either
run out of keys or generate a new series.

> Any pointers/links will be very much helpful.

The opie(4) man page describes the algorithm.

DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no