Re: OPIE Challenge sequence

Thank you so much for your responses. By "predetermined ", i meant the
challenges appear sequentially in decremented fashion, so are we aware of
any security hole with this. I ask this because usually the
challenge/response implementations consider generating random challenges( i
think here they have a weakness where the passphrase need to be in clear
text).


My problem is to determine the best challenge/response implementation for
authenticating the clients.


Please correct me if i missed something.

Thanks and Regards,
Ivan

On Tue, Jul 8, 2008 at 5:00 PM, Peter Jeremy <peterjeremy@xxxxxxxxxxxxxxxx>
wrote:

On 2008-Jul-08 15:46:37 +0530, Ivan Grover <ivangrvr299@xxxxxxxxx> wrote:
Iam trying to choose OPIE as my OTP implementation for authenticating the
clients. I have the following queries, could anyone please let me know
these
-- why does the challenge in OPIE are in predetermined form..
is it for determining the decryption key for the encrypted
passphrase(stored
in opiekeys).

The passphrase is not encrypted - it is hashed and cannot be "decrypted".
Basically, the passphrase and seed are concatenated and the result is
hashed (using MD5) the number of times specified by the iteration count
and the seed, count and final hash are stored in /etc/opiekeys.

The supplied response is easily verified because when you run it thru
MD5, you should get the hash in /etc/opiekeys. You then replace that
hash with the one the user supplied.

-- is it possible to generate random challenges using opiechallenge

No. The seed has to match the seed that was used to generate the
hash with opiepasswd.

--
Peter Jeremy
Please excuse any delays as the result of my ISP's inability to implement
an MTA that is either RFC2821-compliant or matches their claimed behaviour.

_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: OPIE Challenge sequence
    ... The passphrase is not encrypted - it is hashed and cannot be "decrypted". ... The supplied response is easily verified because when you run it thru ... MD5, you should get the hash in /etc/opiekeys. ...
    (FreeBSD-Security)
  • Re: A question on an article dealing with pass phrase and keys
    ... In the section Keys vs. Passphrases He mentions using a hashing ... first and it goes through the hash function first. ... Hashing the passphrase to produce a key will not increase ... This can be useful for various crypto applications, ...
    (sci.crypt)
  • Re: XOR passphrase with a constant
    ... to the attacker it does not immediately provide progress in either direction ... hashes that it provides progress on, ... passphrase, even if it is know to the attacker, then it can be considered ... passphrase could have enough entropy that the apparent entropy overflows ...
    (sci.crypt)
  • RE: ADS Password Storage Protection
    ... "garzelfloposaurus" there would be no LM hash of this password nor of my old ... king passphrase example, because LM is limited to 14 characters. ... The essence of the LM Hash vulnerability is being able to ... Your Old King Cole example suffers from the same weakness. ...
    (Security-Basics)
  • Re: Newbie - Does This Make Sense?
    ... clear text before encrypting it. ... hash of the passphrase somewhere, and when the user enters some key, ... it is hashed then used to decrypt the stored hash. ... Remember to decrypt a copy of the stored encrypted hash, ...
    (sci.crypt)