Date: Tue, 23 Jan 2001 20:57:59 -0800
From: Kris Kennaway <kris@FreeBSD.ORG>
To: Shawn Barnhart <swb@grasslake.net>
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: Non-sequential one-time passwords?
Message-ID: <20010123205759.C26378@citusc17.usc.edu>
In-Reply-To: <00a601c0848b$e9600ac0$b8209fc0@marlowe>; from swb@grasslake.net on Mon, Jan 22, 2001 at 09:56:40AM -0600
References: <00a601c0848b$e9600ac0$b8209fc0@marlowe>

On Mon, Jan 22, 2001 at 09:56:40AM -0600, Shawn Barnhart wrote:
> I'm looking for a way to do one time passwords. S/Key would work great, but
> when generating several passwords it turns out they have to be used
> sequentially rather than at random. The sequential nature of S/Key passwords
> is kind of a problem, because I don't think I can rely on the people giving
> out the one-time passwords to properly ensure they're given out in sequence
> and they can't guarantee they will be used in sequence.
>
> The basic idea is to have say five accounts, each with a block of 10
> one-time passwords. These could be given out on an as-needed basis to
> freelancers for access to an FTP site.
>
> Is there some scheme for doing this or am I SOL?

Nope. There are security implications to doing this anyway... this would
partly defeat the protection afforded by OTP schemes.

What you need is to teach your users how to calculate password
challenge responses themselves, either using one of the FreeBSD tools
or an online JavaScript calculator (these exist, but I don't have a
URL handy). This is as simple as pasting the OTP challenge into a
website and entering their passphrase, then pasting the response in.

Providing your users with a list of the next n passwords they will
need to use is only a convenience; they can do it on demand when
presented with the login challenge, given an available OTP calculator.

Kris

-- 
NOTE: To fetch an updated copy of my GPG key which has not expired,
finger kris@FreeBSD.org
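
The sequential behaviour discussed in this thread, as an added example that is not part of the original messages and not the FreeBSD tools' code: a simplified Lamport-style hash chain showing why a pre-generated list entry used early is rejected, while a response computed on demand from the challenge is accepted. The names `step`, `respond` and `Server`, the SHA-256 hash truncated to 64 bits, and the sample passphrase and seed are assumptions, so the output is not wire-compatible with S/Key.

```python
import hashlib

def step(value: bytes) -> bytes:
    # One chain link: one-way hash truncated to 64 bits (SHA-256 is an assumption).
    return hashlib.sha256(value).digest()[:8]

def respond(passphrase: str, seed: str, count: int) -> bytes:
    # What an OTP calculator does with the challenge (count, seed).
    value = step((seed + passphrase).encode())
    for _ in range(count):
        value = step(value)
    return value

class Server:
    # Holds only the last accepted password, never the passphrase.
    def __init__(self, seed: str, count: int, stored: bytes):
        self.seed, self.count, self.stored = seed, count, stored

    def challenge(self):
        return self.count - 1, self.seed

    def verify(self, response: bytes) -> bool:
        # Accept only the value that hashes to the stored one, then move down.
        if self.count < 1 or step(response) != self.stored:
            return False
        self.stored, self.count = response, self.count - 1
        return True

def demo():
    phrase, seed = "constructed passphrase", "ab1234"  # constructed sample values
    server = Server(seed, 99, respond(phrase, seed, 99))
    printed = {n: respond(phrase, seed, n) for n in range(94, 99)}  # pre-generated list
    results = {}
    results["out_of_order"] = server.verify(printed[95])  # list entry used early
    count, challenge_seed = server.challenge()
    first = respond(phrase, challenge_seed, count)         # computed on demand
    results["on_demand"] = server.verify(first)
    results["replay"] = server.verify(first)
    # Hashing a seen password forward yields only higher-count values, which
    # sequential use has already spent; out-of-order acceptance would leave
    # those values valid.
    results["forward_derivable"] = step(step(step(printed[95]))) == printed[98]
    results["next_challenge"] = server.challenge()[0]
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```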