From owner-freebsd-security@FreeBSD.ORG Wed Jul 9 06:55:43 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9A2601065689 for ; Wed, 9 Jul 2008 06:55:43 +0000 (UTC) (envelope-from ivangrvr299@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.172]) by mx1.freebsd.org (Postfix) with ESMTP id 1399A8FC1C for ; Wed, 9 Jul 2008 06:55:42 +0000 (UTC) (envelope-from ivangrvr299@gmail.com) Received: by ug-out-1314.google.com with SMTP id q2so33163uge.37 for ; Tue, 08 Jul 2008 23:55:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type:references; bh=9TyCOFo7Ieut+mwbJkNomWmpmwFUPB7azOmuqw71af0=; b=hIb3yFitrxVqVH1LNp/TAjmCxE84ThtCmD0bNJJsmNCRDJDTW2pNWGFmTcXfJsPvA4 4SHbepalUS4/i/iGx2rIldec3VacWTeuwvKPfMWBccAYq3kgciDqJky7+cyxvmPRXxaa 7TFKRyJsKvWYzgBdnDNkMD2hcJCR25vsBQOHs= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:references; b=HmaBh4Gnu4VGlzQF9CAwsphRMX2hMcHZZNbRs44wPyLH9uNbOaY/bOBxiGf9pNFh0P snqLht+SmKAG0CMjZhjMTZ29WT9Q4jj9PACy1Eljd8Cg32mn85HNfShl0PDZroQpeKDT LRaaV0JuSGMg2mRn/mHreTUrmH+Wy3I+bdZCA= Received: by 10.125.146.5 with SMTP id y5mr1755381mkn.112.1215586540433; Tue, 08 Jul 2008 23:55:40 -0700 (PDT) Received: by 10.125.110.8 with HTTP; Tue, 8 Jul 2008 23:55:40 -0700 (PDT) Message-ID: <670f29e20807082355j590a23aax6335ee3d6480d96b@mail.gmail.com> Date: Wed, 9 Jul 2008 12:25:40 +0530 From: "Ivan Grover" To: "=?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?=" In-Reply-To: <8663rg5qvd.fsf@ds4.des.no> MIME-Version: 1.0 References: <670f29e20807080316s6cf57612jf5135bfd340e3328@mail.gmail.com> <20080708113030.GN62764@server.vk2pj.dyndns.org> <670f29e20807080641wb6f76cctfacfbb2af2f4f7e9@mail.gmail.com> <8663rg5qvd.fsf@ds4.des.no> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-security@freebsd.org Subject: Re: OPIE Challenge sequence X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Jul 2008 06:55:43 -0000 On Tue, Jul 8, 2008 at 9:07 PM, Dag-Erling Sm=F8rgrav wrote: > "Ivan Grover" writes: > > Thank you so much for your responses. By "predetermined ", i meant the > > challenges appear sequentially in decremented fashion, so are we aware = of > > any security hole with this. > > There is no way to deduce the next challenge from the current one. This > is documented in the opie(4) man page. Just to clarify, I think you are trying to say the next response from the current one, since the challenges are generated somehting like otp-md5 60 lo0245 ext, otp-md5 59 lo0245 ext, otp-md5 58 lo0245 ext,... so on. > > Here's the only advisory I could find for OPIE: > > http://security.freebsd.org/advisories/FreeBSD-SA-06:12.opie.asc > > > I ask this because usually the challenge/response implementations > > consider generating random challenges( i think here they have a > > weakness where the passphrase need to be in clear text). > > OPIE cannot use random challenges, because one of the requirements is > that it should be possible to print a list of pre-generated responses. > > The advantage of OPIE over traditional passwords is that OPIE is not > vulnerable to replay attacks, but this is not as relevant these days as > it was back when S/Key (on which OPIE is based) was designed. Replay > attacks aren't very effective against encrypted protocols such as SSH. > > > My problem is to determine the best challenge/response implementation > > for authenticating the clients. > > Systems like OPIE, where the challenge is actually issued to the user > and not just to the user's software, require the user to have access to > a response calculator, or to carry a sheet of precalculated responses. > The former is difficult unless the users always log in from their own > desktop or laptop computer, and the latter is usually a bad idea since > someone might steel the sheet. On the bright side, it should be fairly > easy to write an OTP calculator that run on a cell phone, such as an > S60-based Nokia phones or an iPhone. > > I'd say that the only advantage of OPIE today is that it's free. > > DES > -- > Dag-Erling Sm=F8rgrav - des@des.no >