Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

otp(n) [osx man page]

otp(n)							RFC 2289 A One-Time Password System						    otp(n)

__________________________________________________________________________________________________________________________________________________

NAME

       otp - One-Time Passwords

SYNOPSIS

       package require Tcl  8.2

       package require otp  ?1.0.0?

       ::otp::otp-md4 ?-hex? ?-words? -seed seed -count count data

       ::otp::otp-md5 ?-hex? ?-words? -seed seed -count count data

       ::otp::otp-sha1 ?-hex? ?-words? -seed seed -count count data

       ::otp::otp-rmd160 ?-hex? ?-words? -seed seed -count count data

_________________________________________________________________

DESCRIPTION

       This  package  is  an  implementation  in Tcl of the One-Time Password system as described in RFC 2289 (1). This system uses message-digest
       algorithms to sequentially hash a passphrase to create single-use passwords. The resulting data is then provided  to  the  user	as  either
       hexadecimal  digits  or encoded using a dictionary of 2048 words. This system is used by OpenBSD for secure login and can be used as a SASL
       mechanism for authenticating users.

       In this implementation we provide support for four algorithms that are included in the tcllib distribution: MD5 (2),  MD4  (3),	RIPE-MD160
       (4) and SHA-1 (5).

COMMANDS

       ::otp::otp-md4 ?-hex? ?-words? -seed seed -count count data

       ::otp::otp-md5 ?-hex? ?-words? -seed seed -count count data

       ::otp::otp-sha1 ?-hex? ?-words? -seed seed -count count data

       ::otp::otp-rmd160 ?-hex? ?-words? -seed seed -count count data

EXAMPLES

       % otp::otp-md5 -count 99 -seed host67821 "My Secret Pass Phrase"
       (binary gibberish)
       % otp::otp-md5 -words -count 99 -seed host67821 "My Secret Pass Phrase"
       SOON ARAB BURG LIMB FILE WAD
       % otp::otp-md5 -hex -count 99 -seed host67821 "My Secret Pass Phrase"
       e249b58257c80087

REFERENCES

       [1]    Haller, N. et al., "A One-Time Password System", RFC 2289, February 1998.  http://www.rfc-editor.org/rfc/rfc2289.txt

       [2]    Rivest,  R.,  "The  MD5  Message-Digest  Algorithm",  RFC  1321,	MIT  and RSA Data Security, Inc, April 1992.  (http://www.rfc-edi-
	      tor.org/rfc/rfc1321.txt)

       [3]    Rivest, R., "The MD4 Message Digest Algorithm", RFC 1320, MIT, April 1992. (http://www.rfc-editor.org/rfc/rfc1320.txt)

       [4]    H. Dobbertin, A. Bosselaers, B. Preneel,	"RIPEMD-160,  a  strengthened  version	of  RIPEMD"  http://www.esat.kuleuven.ac.be/~cosi-
	      cart/pdf/AB-9601/AB-9601.pdf

       [5]    "Secure	Hash   Standard",   National   Institute   of	Standards  and	Technology,  U.S.  Department  Of  Commerce,  April  1995.
	      (http://www.itl.nist.gov/fipspubs/fip180-1.htm)

BUGS, IDEAS, FEEDBACK
       This document, and the package it describes, will undoubtedly contain bugs and other problems.  Please report such in the category  otp	of
       the  Tcllib  SF	Trackers [http://sourceforge.net/tracker/?group_id=12883].  Please also report any ideas for enhancements you may have for
       either package and/or documentation.

SEE ALSO

       SASL, md4, md5, ripemd160, sha1

KEYWORDS

       hashing, message-digest, password, rfc 2289, security

CATEGORY

       Hashes, checksums, and encryption

COPYRIGHT

       Copyright (c) 2006, Pat Thoyts <patthoyts@users.sourceforge.net>

otp								       1.0.0								    otp(n)

Check Out this Related Man Page

OPIEKEY(1)						      General Commands Manual							OPIEKEY(1)

NAME

       opiekey, otp-md4, otp-md5 - Programs for computing responses to OTP challenges.

SYNOPSIS

       opiekey | otp-md4 | otp-md5 [-v] [-h] [-f] [-x]
       [-t type ] [-4|-5] [-a] [-n count ] sequence_number seed

DESCRIPTION

       opiekey	takes the optional count of the number of responses to print along with a (maximum) sequence number and seed as command line args.
       It prompts for the user's secret pass phrase and produces an OPIE response as six words. If compiled to do so, it can prompt for the user's
       secret  pass  phrase  twice to help reduce errors due to mistypes. The second password entry can be circumvented by entering only an end of
       line.  opiekey is downward compatible with the key(1) program from the Bellcore S/Key Version 1 distribution and several of its variants.

OPTIONS

       -v     Display the version number and compile-time options, then exit.

       -h     Display a brief help message and exit.

       -4, -5 Selects MD4 or MD5, respectively, as the response generation algorithm. The default for otp-md4 is MD4 and the default for  opie-md5
	      is  MD5. The default for opiekey depends on compile-time configuration, but should be MD5. MD4 is compatible with the Bellcore S/Key
	      Version 1 distribution.

       -f     Force opiekey to continue, even where it normally shouldn't. This is currently used to force opiekey to operate in even from  termi-
	      nals  it	believes  to be insecure.  It can also allow users to disclose their secret pass phrases to attackers.	Use of the -f flag
	      may be disabled by compile-time option in your particular build of OPIE.

       -a     Allows you to input an arbitrary secret pass phrase, instead of running checks against it. Arbitrary currently does not include ''
	      or '
' characters. This can be used for backwards compatibility with key generators that do not check passwords.

       -n <count>
	      the number of one time access passwords to print.  The default is one.

       -x     Output the OTPs as hexadecimal numbers instead of six words.

       -t <type>
	      Generate an extended response of the specified type. Supported types are:

	      word	     six-word
	      hex	     hexadecimal
	      init	     hexadecimal re-initialization
	      init-word      six-word re-initialization

	      The re-initialization responses always generate the simple active attack protection.

       EXAMPLE
	      wintermute$ opiekey -5 -n 5 495 wi01309
	      Using MD5 algorithm to compute response.
	      Reminder: Don't use opiekey from telnet or dial-in sessions.
	      Enter secret pass phrase:
	      491: HOST VET FOWL SEEK IOWA YAP
	      492: JOB ARTS WERE FEAT TILE IBIS
	      493: TRUE BRED JOEL USER HALT EBEN
	      494: HOOD WED MOLT PAN FED RUBY
	      495: SUB YAW BILE GLEE OWE NOR
	      wintermute$

BUGS

       opiekey(1)  can lull a user into revealing his/her password when remotely logged in, thus defeating the purpose of OPIE. This is especially
       a problem with xterm.  opiekey(1) implements simple checks to reduce the risk of a user making this mistake. Better checks are needed.

SEE ALSO

       ftpd(8), login(1), opie(4), opiepasswd(1), opieinfo(1), opiekeys(5), opieaccess(5), su(1)

AUTHOR

       Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden of Bellcore. OPIE was created at NRL by Randall Atkinson, Dan
       McDonald, and Craig Metz.

       S/Key is a trademark of Bell Communications Research (Bellcore).

CONTACT

       OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join, send an email request to:

       skey-users-request@thumper.bellcore.com

7th Edition							 February 20, 1996							OPIEKEY(1)
Man Page