From owner-freebsd-security@FreeBSD.ORG Tue Aug 21 16:03:50 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 38A45106564A for ; Tue, 21 Aug 2012 16:03:50 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from anubis.delphij.net (anubis.delphij.net [64.62.153.212]) by mx1.freebsd.org (Postfix) with ESMTP id 1A48E8FC08 for ; Tue, 21 Aug 2012 16:03:49 +0000 (UTC) Received: from Xins-MacBook-Pro.local (unknown [IPv6:2001:470:83bf:0:a0dd:a42a:75b4:d811]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by anubis.delphij.net (Postfix) with ESMTPSA id 14B561DDBE; Tue, 21 Aug 2012 09:03:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=delphij.net; s=anubis; t=1345565025; bh=sEkhfr4i4IJuzgjzTMKvhIh0g4W5IbfAcR5uJO9KOkM=; h=Date:From:Reply-To:To:CC:Subject:References:In-Reply-To; b=gKGw3FNNk/U/f4RGIvcwtPjQEnpxVw0nFVelduwunXV289a4SBFiYDI0m97R7t20K 4BIbRkBcydZ6ZTd271rs2IGageBxXLCXodtfrYU1MZLY/uKdoeqg22NakQActcEgQD dE2eK6n1xgVfrZhvlIBRGpEgWAyo9ggKMDRhTQgM= Message-ID: <5033B15F.3020905@delphij.net> Date: Tue, 21 Aug 2012 09:03:43 -0700 From: Xin Li Organization: The FreeBSD Project User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:14.0) Gecko/20120713 Thunderbird/14.0 MIME-Version: 1.0 To: =?UTF-8?B?RGFnLUVybGluZyBTbcO4cmdyYXY=?= References: <86393gpdrp.fsf@ds4.des.no> In-Reply-To: <86393gpdrp.fsf@ds4.des.no> X-Enigmail-Version: 1.4.3 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: freebsd-security@freebsd.org Subject: Re: Hardware TOTP tokens X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: d@delphij.net List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Aug 2012 16:03:50 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 8/21/12 6:37 AM, Dag-Erling Smørgrav wrote: > I'm looking for *rekeyable* TOTP (RFC 6238) tokens - preferably, > but not necessarily OATH-certified. Does anyone know where I can > find something like that? > > Alternatively, does anyone know of a reasonably-priced device that > can be used to implement this? The requirements are very modest - > a cheap microcontroller with a few kB of EEPROM and few kB of RAM, > a reasonably precise real-time clock, and a six-digit seven-segment > display, all in a package the size of a pack of gum. > > Note that we're not talking about large volumes - I need a few > hundred, at most. Is it intentional to avoid Google Authenticator? (I would consider it because it's relatively easier to synchronize time and easy to notice when they are missing but yes, the end user needs an Android or iOS based smartphone and it's a hassle when they migrate). Cheers, -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) iQEcBAEBCAAGBQJQM7FfAAoJEG80Jeu8UPuzguoH+gJBM0jr1CV+2uZ89aEVoR6A 6fjilvIYO/v8X5a6P5Lv6TJ8jZKgFM0lWJW18xP+CDQ9haPNE7CjR3eMaqcrbI3j 3MbvDp3o+TsjhV1Pht5r+vSEEmmFJRq1Bp0YOvzTn20VrxT3+aNAkzc0UyXERV3g 1rtHnt7RAsSbBpH9D8IOP5bilxAdW82Cws68fUnqTU6DjFkVX4JmzBBMiqW7h7Ps YlO1Os1OytJOuL+bZDnAtnwkUfqHAA3VPp3bu53gDve+YsDXffKpnYZx4FIpsvAn EJP1oN2bVBFug4g94YtLBUTJGSTOBE0et5gOxkeSutDadgQiwc28ZKx1/dBzTy4= =BmVW -----END PGP SIGNATURE-----