Date: Mon, 7 Dec 2009 20:19:24 +0100
From: Tomasz bla Fortuna <bla@thera.be>
To: freebsd-security@freebsd.org
Subject: One-time password implementation.
Message-ID: <20091207201924.5d6ef1bf@thera.be>

Hello,

I've read the thread that took place on this list in February (http://lists.freebsd.org/pipermail/freebsd-security/2009-February/005132.html), which tries to find a new solution for OTP authentication, as the current implementation of OPIE is kind of outdated.

I'm currently implementing a PAM module using the GRC Perfect Paper Passwords algorithm (with small optional changes). It's far from a perfect/stable release, yet all its main features work (printing passcards, generating keys, switching flags, labelling passcards, PAM authentication and parts of out-of-bound passcode transmission).

The project is hosted here: http://savannah.nongnu.org/projects/otpasswd/

It tries to fix all the pitfalls of another existing implementation, namely ppp-pam (http://code.google.com/p/ppp-pam/), which at first I just wanted to fix and use.

Things that require fixing are the test cases (there are too few), splitting into a library + utility + pam_module, and most probably a little redesign to allow user keys to be stored in /etc instead of their homes, which will require a SUID utility.

I'm curious about your thoughts, whether there's any interest, and if so, what should be done (and how you can help, of course. :P).

Licensing issue: It's currently developed under GPL3+, but as I'm currently the only code author I wouldn't hesitate much to relicense it under BSD if it would make anyone happy (also note that it uses GMP [LGPL3+] as a bignum library, PAM and OpenSSL).

System issue: I'm currently testing it on Linux, so after the program gets a bit stable I would have to finally try it on FreeBSD. Most probably some other interested person can review it and port it. I'll be glad to have it working under fbsd, so I'll most probably do it myself sometime.

Cheers,
--
Tomasz bla Fortuna
jid: bla(at)af.gliwice.pl
pgp: 0x90746E79 @ pgp.mit.edu a6c0*8884
www: http://bla.thera.be