opie.4 (59121) opie.4 (92914)
1.\" opie.4: Overview of the OPIE software.
2.\"
3.\" %%% portions-copyright-cmetz-96
1.\" opie.4: Overview of the OPIE software.
2.\"
3.\" %%% portions-copyright-cmetz-96
4.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
4.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
5.\" Reserved. The Inner Net License Version 2 applies to these portions of
6.\" the software.
7.\" You should have received a copy of the license with this software. If
8.\" you didn't get a copy, you may request one from <license@inner.net>.
9.\"
10.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan
11.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned
12.\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
13.\" License Agreement applies to this software.
14.\"
15.\" History:
16.\"
5.\" Reserved. The Inner Net License Version 2 applies to these portions of
6.\" the software.
7.\" You should have received a copy of the license with this software. If
8.\" you didn't get a copy, you may request one from <license@inner.net>.
9.\"
10.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan
11.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned
12.\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
13.\" License Agreement applies to this software.
14.\"
15.\" History:
16.\"
17.\" Modified by cmetz for OPIE 2.4. Spelling fixes.
17.\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation. Removed
18.\" references to the old square brackets challenge delimiters.
19.\" Modified at NRL for OPIE 2.01. Updated UNIX trademark credit.
20.\" Definition of "seed" written by Neil Haller of Bellcore
21.\" Written at NRL for OPIE 2.0.
22.\"
18.\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation. Removed
19.\" references to the old square brackets challenge delimiters.
20.\" Modified at NRL for OPIE 2.01. Updated UNIX trademark credit.
21.\" Definition of "seed" written by Neil Haller of Bellcore
22.\" Written at NRL for OPIE 2.0.
23.\"
23.\" $FreeBSD: head/contrib/opie/opie.4 59121 2000-04-10 11:18:54Z kris $
24.\" $FreeBSD: head/contrib/opie/opie.4 92914 2002-03-21 23:42:52Z markm $
24.\"
25.TH OPIE 4 "January 10, 1995"
26.SH NAME
27.B OPIE \- One-time Passwords In Everything
28.SH DESCRIPTION
29.LP
30OPIE is a package derived from the Bellcore S/Key Version 1 distribution
31that helps to secure a system against replay attacks (see below). It does so

--- 50 unchanged lines hidden (view full) ---

82.I response
83A packet of information generated from a challenge that is used by a system to
84authenticate a user. In OPIE, this is a group of six words that is generated by
85the calculator given the challenge and the secret password. For example,
86"PUP SOFT ROSE BIAS FLAG END".
87.TP
88.I seed
89A piece of information that is used in conjunction with the secret password
25.\"
26.TH OPIE 4 "January 10, 1995"
27.SH NAME
28.B OPIE \- One-time Passwords In Everything
29.SH DESCRIPTION
30.LP
31OPIE is a package derived from the Bellcore S/Key Version 1 distribution
32that helps to secure a system against replay attacks (see below). It does so
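Review bot: the .TH line still carries the date "January 10, 1995" on both sides of this hunk, even though the History block gains an entry for OPIE 2.4 and the copyright range moves to 1996-1999. Consider updating the .TH date when the page content changes, so the rendered footer does not suggest the text has been untouched since 1995. The new History entry "Spelling fixes." matches the visible body changes ("numer", "feasably"), so no further documentation is needed there.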

--- 50 unchanged lines hidden (view full) ---

83.I response
84A packet of information generated from a challenge that is used by a system to
85authenticate a user. In OPIE, this is a group of six words that is generated by
86the calculator given the challenge and the secret password. For example,
87"PUP SOFT ROSE BIAS FLAG END".
88.TP
89.I seed
90A piece of information that is used in conjunction with the secret password
90and sequence numer to compute the response. Its purpose is to allow the same
91and sequence number to compute the response. Its purpose is to allow the same
91secret password to be used for multiple sequences, by changing the seed, or
92for authentication to multiple machines by using different seeds.
93.TP
94.I sequence number
95A counter used to keep track of key iterations. In OPIE, each time a successful
96response is received by the system, the sequence number is decremented. For
97example, "95".
98.TP

--- 39 unchanged lines hidden (view full) ---

138
139.SH THE S/KEY ALGORITHM
140
141A solution to this whole problem was invented by Lamport in 1981. This
142technique was implemented by Haller, Karn, and Walden at Bellcore. They
143created a free software package called "S/Key" that used an algorithm
144called a cryptographic checksum. A cryptographic checksum is a strong one-way
145function such that, knowing the result of such a function, an attacker still
92secret password to be used for multiple sequences, by changing the seed, or
93for authentication to multiple machines by using different seeds.
94.TP
95.I sequence number
96A counter used to keep track of key iterations. In OPIE, each time a successful
97response is received by the system, the sequence number is decremented. For
98example, "95".
99.TP

--- 39 unchanged lines hidden (view full) ---

139
140.SH THE S/KEY ALGORITHM
141
142A solution to this whole problem was invented by Lamport in 1981. This
143technique was implemented by Haller, Karn, and Walden at Bellcore. They
144created a free software package called "S/Key" that used an algorithm
145called a cryptographic checksum. A cryptographic checksum is a strong one-way
146function such that, knowing the result of such a function, an attacker still
146cannot feasably determine the input. Further, unlike cyclic redundancy
147cannot feasibly determine the input. Further, unlike cyclic redundancy
147checksums (CRCs), cryptographic checksums have few inputs that result in the
148same output.
149.LP
150In S/Key, what changes is the number of
151times the password is run through the secure hash. The password is run through
152the secure hash once, then the output of the hash is run through the secure
153hash again, that output is run through the secure hash again, and so on until
154the number of times the password has been run through the secure hash is equal

--- 185 unchanged lines hidden ---
148checksums (CRCs), cryptographic checksums have few inputs that result in the
149same output.
150.LP
151In S/Key, what changes is the number of
152times the password is run through the secure hash. The password is run through
153the secure hash once, then the output of the hash is run through the secure
154hash again, that output is run through the secure hash again, and so on until
155the number of times the password has been run through the secure hash is equal
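Review bot: in the paragraph where "feasably" is corrected, the next sentence ("cryptographic checksums have few inputs that result in the same output") is left as is and is imprecise. Any function with a fixed-size output maps many inputs to each output; the property that matters is that finding two such inputs is computationally infeasible. Since this commit already touches the paragraph for spelling, suggest rewording along the lines of "it is infeasible to find two inputs that result in the same output", which also reads consistently with the "cannot feasibly determine the input" wording one line earlier.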

--- 185 unchanged lines hidden ---