Re: OPIE

• Previous message: Daniel Cross: "Re: OPIE"
• In reply to: ERACC: "Re: OPIE"
• Next in thread: Lars Solberg: "Re: OPIE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 18 Aug 2005 20:55:20 +0100
To: focus-linux@securityfocus.com

> > I'v been looking around a lot now, after opie (one time password in
> > everything) related stuff. The orginal dev site was lokated at
> > http://inner.net/opie/ but it seams like that link is dead.
> > I know the opie project stalled in 1998 some times but some BSD
> > people made a rewrite in 1999 but i cant find that eighter.
> > Soo what is happening to all the otp/opie stuff? Does nobody use it
> > anymore? Does anybody have some updated info about this, or know
> > about anything else that can give me an otp login.

> IIRC there is something similar on Linux but I don't recall if it is
> OPIE or some other acronym as it has been a while since I looked into
> this.

Perhaps you are thinking of Markus Kuhn's OTPW?
http://www.cl.cam.ac.uk/~mgk25/otpw.html
"OTPW is not compatible with and is not derived from either S/KEY or
OPIE. It is a completely independent and different design, which I
believe fulfils my functional and security requirements better."
It prints you a page of one-time passes. These are independent of
one-another and chosen in random order. To protect against theft of the
sheet, it also uses a constant (memorised) password. An attacker has to
both steal the sheet and eavesdrop the password to break the scheme.

-- 
"The  rules  of  programming  are  transitory;  only  Tao  is  eternal. 
 Therefore you  must contemplate Tao before you receive  enlightenment."
"How will I know when I have received enlightenment?"  asked the novice.
"Your program will then run correctly," replied the master.             

• Previous message: Daniel Cross: "Re: OPIE"
• In reply to: ERACC: "Re: OPIE"
• Next in thread: Lars Solberg: "Re: OPIE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]