Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 7 Dec 2009 19:11:23 -0500
From:      Mark Fullmer <maf@eng.oar.net>
To:        Tomasz bla Fortuna <bla@thera.be>
Cc:        freebsd-security@freebsd.org
Subject:   Re: One-time password implementation.
Message-ID:  <73FE9669-75FD-4E2B-A238-68EAC6AA941B@eng.oar.net>
In-Reply-To: <20091207201924.5d6ef1bf@thera.be>
References:  <20091207201924.5d6ef1bf@thera.be>

next in thread | previous in thread | raw e-mail | index | archive | help
I recently released a BSD licensed smart card based OTP system we've  
used over the past few years.  It uses the OATH HOTP algorithm and  
includes an OTP library, PAM module, smart card firmware, pin pad  
reader firmware, associated management utilities and man page  
documentation.  The smart card and reader(s) hardware can be purchased  
in single quantities and it all works natively with FreeBSD.  The HOTP  
algorithm has gained some momentum with a few vendors now selling  
hardware tokens which should work with this software.

http://www.splintered.net/sw/otp

It might be easier to add GRC PPP to this than to start from scratch.

--
mark

On Dec 7, 2009, at 2:19 PM, Tomasz bla Fortuna wrote:

> Hello,
>  I've read thread that took place on this list in February
> (http://lists.freebsd.org/pipermail/freebsd-security/2009-February/005132.html 
> )
> which tries to find a new solution for OTP authentication as current
> implementation of OPIE is kind of outdated.
>
> I'm currently implementing a PAM module using GRC Perfect Paper
> Passwords algorithm (with small optional changes). It's far from
> perfect/stable release, yet all its main features work (printing
> passcards, generating keys, switching flags, labelling passcards, PAM
> authentication and parts of out-of-bound passcode transmission).
>
> Project is hosted here:
> http://savannah.nongnu.org/projects/otpasswd/
>
> It tries to fix all pitfalls of another existing implementation,  
> namely
> ppp-pam (http://code.google.com/p/ppp-pam/) which at first I just
> wanted to fix and use.
>
> Things that requires fixing are testcases (there're too little),
> splitting into a library+utility+pam_module and most probably a little
> redesign to allow user keys to be stored in /etc instead of their  
> homes
> which will require SUID utility.
>
> I'm curious of your thoughts, if there's any interest and if so - what
> should be done (and how can you help of course. :P).
>
> Licensing issue:
> It's currently developed under GPL3+, but as I'm currently the only
> code-author I wouldn't hesitate much to relicense it under BSD if it
> would make anyone happy (also note that it uses GMP[lgpl3+] as a  
> bignum
> library, PAM and OpenSSL).
>
> System issue:
> I'm testing it currently using Linux so after program gets a bit
> stable I would have to finally try it on FreeBSD. Most probably some
> other interested person can review it and port. I'll be glad to have  
> it
> working under fbsd so I'll most probably do it myself sometime.
>
> Cheers,
> -- 
> Tomasz bla Fortuna
> jid: bla(at)af.gliwice.pl
> pgp: 0x90746E79 @ pgp.mit.edu a6c0*8884
> www: http://bla.thera.be
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org 
> "
>




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?73FE9669-75FD-4E2B-A238-68EAC6AA941B>