One time passwords, a simple guide. ---------------------------------------------------------------------------- This document is copyright Michael Lawrie and Shonky Internet, 1997. It may be used and distributed freely, provided it is not changed in any way. The author accepts no responsibility for anything at all, ever. This is a draft copy - Version 1.0 970812-1510 ---------------------------------------------------------------------------- Introduction: This document was written for users of our systems to understand how the Opie one time password system works, and how they should use it. I have made the document as generic as possible, and included some background information so that it can be used elsewhere, and so that people understand why this system is important. One time passwords: If you are logging into a remote machine, over an untrusted network, there is a chance that someone is out there watching for people typing their usernames and passwords by 'sniffing' the network. No matter how good your password is, if someone has snooped you typing it you can say goodbye to the security on your account. This also applies to biometric forms of identification if they are sent simply as streams of raw data. The binary representation of your fingerprint can be logged, and played back as easily as a normal password by a determined enough hacker. To prevent this, a lot of systems are now starting to use one-time passwords. The theory is quite simple: 1/ You call up the remote system 2/ The remote system asks you who you are 3/ You type your username 4/ The system looks up some information on you. It needs to check firstly that it knows who you are and secondly, it needs a 'seed' by which to generate a challenge to give to you later 5/ If the system doesn't know who you are, it issues a fake challenge and ignores the responses - It does this so as not to give hackers a clue as to what usernames are valid to the system 6/ The system will present you with a challenge 7/ You type the challenge into a 'calculator', and then type a unique password in as well. The calculator uses these two peices of data to calculate a response for you, which it then displays. 8/ You type the response to the remote system 9/ Using the information the remote system knows about you, it does a similar calculation to produce the response it would expect, if the two match, it lets you in and updates your user information so that next time, a different 'seed' will be used. 10/ If the responses do not match, the attempt is logged, you will not be permitted to login, the seed isn't updated. Opie and S/KEY: For convenience, I will use the term 'Opie' when technically talking about S/KEY authentication - They are the same thing but the way they are implemented is slightly different. I also don't like capitals, and S/KEY looks messy. Opie is a Unix one time password system, that works pretty much as above. Calculators are available on many platforms and once you get used to it, it's pretty easy to use. It has the advantage (or if you are a security manager, disadvantage) that the responses don't have any variable element such as the day/time built in, meaning that users can calculate responses in advance. This means that you could print out all 999 passwords in any one Opie sequence and just read the response off a list each time without having to recalculate. Although this is possible, it is highly inadvisable. Opie uses a sequence of 999 passwords (S/KEY tends to use 99), when you get to the last one, you must set a new 'key' or you won't be able to login - Every time you login, the sequence number is reduced by one. A login sequence looks pretty much like this: login: fred <- This is the username otp-md5 189 wa1663 <- This is the challenge Response: bog safe bug gyp bark sled <- This is the response The response to the challenge is always made up of a number of small words, the theory is that they are easier to transcribe from the calculator than a large string of gibberish. Using the calculator: How you use the calculator pretty much depends on which one you are using. Preferably you should use 'Winkey' on a Windows box, as an alternative, you may use one of the calculators available for handheld computers such as the HP200 - Do not use one of the Unix tools for generating a response unless you know what you are doing (see the gotchas section, later). In the example above, you would simply type 'otp-md5 189 wa1663' into WinKey's "Challenge" box, type your secret pass phrase (in this case, it was 'fred') into the "Password" box, and if you hit the compute button, it will give 'bog safe bug gyp bark sled' in the "Response" box. Winkey has some cute features, like the ability to auto paste the challenge, and the fact that it auto-copies the response ready for you to paste in. If you use NetTerm, in conjunction with WinKey, the whole thing is even easier, provided Winkey is in your Windows path, if you right click on the challenge, select 'Compute S/Key - OTP response' then it pretty much does everything for you. The Unix end of Opie: Firstly, for a much more in depth discussion of Opie, type 'man opie'. The only other command you really need to know is 'opiepasswd'. This sets or changes your Opie password. To set it for the 1st time (only possible if normal shell logins are allowed), simply type 'opiepasswd' - You will need a calculator to generate yourself a key. If you read the manual entry, you will see that the is an option to use 'console mode' - Quite simply, don't. Generally, the key will have been pre-set for you by the systems manager, so you will need to change it as soon as you login. To change your password (remember, as the sequence number gets close to zero, you need to) again simply type 'opiepasswd' - Again, you will need a calculator to do this. What uses Opie? In theory, everything - In practice, anything that gives you any form of interactive access to the machine. This means that login, rlogin, telnet, ftp etc, all demand that you use one time passwords to access your account. POP3 access does not use Opie - Although it is possible to make it do so, most POP clients don't understand it - What we have done is disable any normal access that would use a real Unix password (this includes su and ssh login) so that the only service using it is POP3. If someone gets your Unix password, all they can do is to read your mail. Gotchas: The whole concept of one time passwords, especially with Opie, relies on the password you use to the calculator remaining secure. The whole procedure relies on the fact that the password you type in to calculate the response never travels over any networks and thus, cannot be snooped. The safest way to do this, is to use a standalone calculator, such as a handheld computer. Winkey is theoretically quite secure, although it relies on the fact that your copy of Windows hasn't been compromised. With new desktop technologies becoming more intergrated with the network, it is getting debatable how secure the desktop will be in future. Also, you should never save the password in the calculator and preferably set the auto-clear password option. Calculating the response on another unix box is not safe, unless you are 100% sure of the integrity of both the unix box, and the network it is on; the same goes for using a calculator running on any X-Display. Printing out a set of 10 responses (for example, if you are going on holiday) may not seem too bad an idea, provided you keep the peice of paper secure - But are you using a network printer to print them on? Further reading: Unix box: man opie more /usr/local/doc/opie (RFC 1938) Internet: RFC 1938 http://news.janet.ac.uk/CERT/Software/OPIE/ http://www.bellcore.com/SECURITY/skey.html Winkey: http://www.uknet.com/winkey.exe ftp://ftp.uknet.com/pub/winkey.exe