Date:      Tue, 8 Jul 2008 21:30:30 +1000
From:      Peter Jeremy <peterjeremy@optushome.com.au>
To:        Ivan Grover <ivangrvr299@gmail.com>
Cc:        freebsd-security@FreeBSD.org
Subject:   Re: OPIE Challenge sequence
Message-ID:  <20080708113030.GN62764@server.vk2pj.dyndns.org>
In-Reply-To: <670f29e20807080316s6cf57612jf5135bfd340e3328@mail.gmail.com>
References:  <670f29e20807080316s6cf57612jf5135bfd340e3328@mail.gmail.com>


On 2008-Jul-08 15:46:37 +0530, Ivan Grover <ivangrvr299@gmail.com> wrote:
>I am trying to choose OPIE as my OTP implementation for authenticating the
>clients. I have the following queries, could anyone please let me know these
>-- why are the challenges in OPIE in a predetermined form..
>is it for determining the decryption key for the encrypted passphrase (stored
>in opiekeys).

The passphrase is not encrypted - it is hashed and cannot be "decrypted".
Basically, the passphrase and seed are concatenated and the result is
hashed (using MD5) the number of times specified by the iteration count
and the seed, count and final hash are stored in /etc/opiekeys.

The supplied response is easily verified because when you run it thru
MD5, you should get the hash in /etc/opiekeys.  You then replace that
hash with the one the user supplied.

>-- is it possible to generate random challenges using opiechallenge

No.  The seed has to match the seed that was used to generate the
hash with opiepasswd.

-- 
Peter Jeremy
Please excuse any delays as the result of my ISP's inability to implement
an MTA that is either RFC2821-compliant or matches their claimed behaviour.
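
The scheme described in this message, as an added Python sketch that is not part of the original e-mail or of OPIE's source: it shows why the server can check a response with one hash step, why the stored hash is then replaced, and why the challenge must carry the enrolled seed. The seed-before-passphrase order, the 64-bit fold of each MD5 digest (modelled on RFC 2289), the record layout and the sample passphrase and seeds are assumptions; interoperability with opiekey output is not claimed.

```python
import hashlib
import hmac

def step(data: bytes) -> bytes:
    """One hash step: MD5, folded to 64 bits by XORing its two halves (assumed)."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp(passphrase: str, seed: str, count: int) -> bytes:
    """Hash seed+passphrase once, then apply `count` further hash steps."""
    value = step((seed + passphrase).encode())
    for _ in range(count):
        value = step(value)
    return value

def enroll(passphrase: str, seed: str, count: int) -> dict:
    """What the server keeps: seed, count and final hash, never the passphrase."""
    return {"seed": seed, "count": count, "hash": otp(passphrase, seed, count)}

def challenge(rec: dict) -> str:
    """The challenge is fixed by the stored record: next count and the same seed."""
    return f"otp-md5 {rec['count'] - 1} {rec['seed']}"

def verify(rec: dict, response: bytes) -> bool:
    """Hash the response once; on a match it replaces the stored hash."""
    if rec["count"] < 1:
        return False  # chain used up: the user must re-initialise
    if not hmac.compare_digest(step(response), rec["hash"]):
        return False
    rec["hash"], rec["count"] = response, rec["count"] - 1
    return True

if __name__ == "__main__":
    rec = enroll("constructed pass phrase", "ke1234", 100)  # constructed values
    print(challenge(rec))
    print("wrong seed:", verify(rec, otp("constructed pass phrase", "zz9999", 99)))
    good = otp("constructed pass phrase", "ke1234", 99)
    print("correct   :", verify(rec, good))
    print("replayed  :", verify(rec, good))
    print(challenge(rec))
```

A response computed from any seed other than the enrolled one fails the single-step check, and a captured response is useless afterwards because the stored hash has moved one step down the chain.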



