Date:      Tue, 08 Jul 2008 17:37:26 +0200
From:      Dag-Erling Smørgrav <des@des.no>
To:        "Ivan Grover" <ivangrvr299@gmail.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: OPIE Challenge sequence
Message-ID:  <8663rg5qvd.fsf@ds4.des.no>
In-Reply-To: <670f29e20807080641wb6f76cctfacfbb2af2f4f7e9@mail.gmail.com> (Ivan Grover's message of "Tue, 8 Jul 2008 19:11:35 +0530")
References:  <670f29e20807080316s6cf57612jf5135bfd340e3328@mail.gmail.com> <20080708113030.GN62764@server.vk2pj.dyndns.org> <670f29e20807080641wb6f76cctfacfbb2af2f4f7e9@mail.gmail.com>

"Ivan Grover" <ivangrvr299@gmail.com> writes:
> Thank you so much for your responses. By "predetermined", I meant the
> challenges appear sequentially in decremented fashion, so are we aware of
> any security hole with this.

There is no way to deduce the next challenge from the current one.  This
is documented in the opie(4) man page.

Here's the only advisory I could find for OPIE:

http://security.freebsd.org/advisories/FreeBSD-SA-06:12.opie.asc

> I ask this because usually the challenge/response implementations
> consider generating random challenges (I think here they have a
> weakness where the passphrase needs to be in clear text).

OPIE cannot use random challenges, because one of the requirements is
that it should be possible to print a list of pre-generated responses.

The advantage of OPIE over traditional passwords is that OPIE is not
vulnerable to replay attacks, but this is not as relevant these days as
it was back when S/Key (on which OPIE is based) was designed.  Replay
attacks aren't very effective against encrypted protocols such as SSH.

> My problem is to determine the best challenge/response implementation
> for authenticating the clients.

Systems like OPIE, where the challenge is actually issued to the user
and not just to the user's software, require the user to have access to
a response calculator, or to carry a sheet of precalculated responses.
The former is difficult unless the users always log in from their own
desktop or laptop computer, and the latter is usually a bad idea since
someone might steal the sheet.  On the bright side, it should be fairly
easy to write an OTP calculator that runs on a cell phone, such as an
S60-based Nokia phone or an iPhone.

I'd say that the only advantage of OPIE today is that it's free.

DES
-- 
Dag-Erling Smørgrav - des@des.no
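The points made in the message above (challenges count down, the whole list of responses can be printed in advance, and holding the current response does not let an eavesdropper produce the next one) all follow from the S/Key-style hash chain that OPIE builds on. The following is an added worked example written for this page; it is not code from the message, from FreeBSD or from the OPIE sources. It uses SHA-256 and full-length hex digests in place of OPIE's 64-bit folded MD5 output and six-word encoding, the passphrase, seed and "otp-sha256 ..." challenge format are constructed stand-ins modelled on OPIE's "otp-md5 <seq> <seed> ext", and the class and function names are the example's own.

```python
import hashlib

# Constructed sample parameters for the example (not from the thread).
PASSPHRASE = "correct horse battery staple"
SEED = "de4242"
START_SEQ = 499


def _h(data: bytes) -> bytes:
    # Simplification: real S/Key and OPIE fold an MD4/MD5 digest to 64 bits
    # and encode responses as six short words. A full SHA-256 digest keeps
    # the same structure without that extra encoding step.
    return hashlib.sha256(data).digest()


def hash_chain(passphrase: str, seed: str, length: int) -> list:
    """Return [h^1(x), h^2(x), ..., h^length(x)] with x = seed || passphrase.

    chain[i] holds h^(i+1)(x). Walking the chain forward is cheap; going
    backwards (from h^n to h^(n-1)) would require inverting the hash,
    which is why a captured response is useless for the next login.
    """
    x = _h((seed + passphrase).encode())
    chain = [x]
    for _ in range(length - 1):
        x = _h(x)
        chain.append(x)
    return chain


def response_for(passphrase: str, seed: str, seq: int) -> bytes:
    """The response to challenge number seq is h^seq(seed || passphrase)."""
    return hash_chain(passphrase, seed, seq)[seq - 1]


def print_list(passphrase: str, seed: str, first_seq: int, count: int) -> dict:
    """Precompute the paper list of responses for challenges first_seq,
    first_seq-1, ... .  One chain computation yields every entry, which is
    exactly why the challenges have to be sequential rather than random."""
    chain = hash_chain(passphrase, seed, first_seq)
    return {seq: chain[seq - 1].hex()
            for seq in range(first_seq, first_seq - count, -1)}


class OtpServer:
    """Server side: stores only h^(seq+1) and the current sequence number.

    It never holds the passphrase, and the stored value cannot be turned
    into a valid response for the current challenge.
    """

    def __init__(self, passphrase: str, seed: str, start_seq: int):
        # Enrollment (what opiepasswd does) runs once on a trusted host and
        # hands the server h^(start_seq+1); the passphrase is then dropped.
        self.seed = seed
        self.seq = start_seq
        self.stored = response_for(passphrase, seed, start_seq + 1)

    def challenge(self) -> str:
        # Hypothetical format modelled on OPIE's "otp-md5 <seq> <seed> ext".
        return f"otp-sha256 {self.seq} {self.seed} ext"

    def verify(self, response_hex: str) -> bool:
        """Accept response r iff h(r) equals the stored value; on success r
        becomes the new stored value and the sequence number drops by one,
        so the same response can never be accepted twice."""
        try:
            response = bytes.fromhex(response_hex)
        except ValueError:
            return False
        if _h(response) != self.stored:
            return False
        self.stored = response
        self.seq -= 1
        return True


def demo() -> list:
    """Login from a printed sheet, a replay of the consumed response, then
    the next login. Returns the three verification results."""
    server = OtpServer(PASSPHRASE, SEED, START_SEQ)
    sheet = print_list(PASSPHRASE, SEED, START_SEQ, 3)
    seq = int(server.challenge().split()[1])
    results = [server.verify(sheet[seq])]        # correct entry: accepted
    results.append(server.verify(sheet[seq]))    # replayed entry: rejected
    results.append(server.verify(sheet[seq - 1]))  # next entry: accepted
    return results


if __name__ == "__main__":
    print(demo())
```

The replay check in `demo()` is the property the message credits OPIE with: once h^499 has been consumed the server expects h^498, and h(h^499) = h^500 no longer matches anything it stores. Note that the server state still has to be updated atomically per login, or two concurrent attempts could both be checked against the same stored value.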