OPIE One-Time Password

To enhance security, one-time password system has been set up for connections from outside.CSIM Logo WelcomeCourses
Faculty, Student, Staff
Projects and reports
Conferences, workshop and seminars
Laboratories and reasearch facilities
Information related to CSIM
Information non-related to CSIM
Address, map, phone, etc.

This method is not used anymore, but you may read about it for information.

OPIE is an implementation of the One-Time Password (OTP) System that is considered for the Internet standards-track. As passwords change with each connection, a cracker cannot use a password (s)he had find out to connect again on your account.

OTP have then been enforced on CSIM networks for every telnet, ftp and pop for email connections coming from outside. In future, OTP may be enforced for inside connections as well. Standard Unix password can still be used for telnet, ftp and pop for email connections inside CSIM network.

An OTP will always be a group of six English words, for example:



User ID
is your loggin name used to connect on Unix machines, for example students' user ID look like: a98345.

Sequence number
is a counter that is maintained by the system. Each time you make a connection, the counter is decresead by one.

Warning: Never let the sequence number reach 0, when the sequence number gets dowen to 20, it is time to regenerate a new sequence.

is a piece of identifier that is generated by the system. The seed is always two letters and four numbers, for example: ba1234.

The seed is a way for the system to identify a user.

Pass phrase
is a secret phrase. It should be at least 15 characters long and at most 127. It can be a full sentence:
The big bad dog is back

is the combination of a sequence number and a seed.

is a group of six words, calculates from the challenge and your pass phrase. The response is used as one-time password.

is a piece of software used to calculate a response using a challenge and your pass phrase.

Hash identifier
OPIE can use various algorithm to calculate the response. The default algorithm is MD5 and should be used.
For more information, see OPIE man pages on bazooka: man opie.


Before you can use OPIE, you must register to the system.

  1. From any workstation or PC on CSIM network, connect to bazooka.

  2. Run opiepasswd:
    bazooka<a98123>41: opiepasswd
    Adding a98123:
    You need the response from an OTP generator.
    New secret pass phrase:
            otp-md5 499 ba1464
    Use a calculator with the challenge mentionned by opiepasswd (on the example 499 ba1464), to compute a response and enter it at the prompt on bazooka.

Changing your pass phrase

  1. From any work station or PC on CSIM network, connect to bazooka.

  2. Run opiepasswd:
    bazooka<a98123>41: opiepasswd
    Updating a98123:
    You need the response from an OTP generator.
    Old secret pass phrase:
            otp-md5 17 ba4825 ext
    Calculate the response using the challenge 17 ba4825 and your old pass phrase, enter the calculated response.

  3. You are then prompted for a second challenge with a new pass phrase:
    New secret pass phrase:
            otp-md5 499 ba4826
    Calculate the new response using the new challenge 499 ba4826 and your new pass phrase. Enter the calculated response, the pass phrase is now updated :
    ID on OTP key is 499 ba4826
    Note that the seed has been changed too, and that the sequence number has been reset.

Generating a new sequence number

To generate a new sequence number use the same procedure as above for changing pass phrase.

If you use the same pass phrase for calculating both responses, only the sequence number will change.

A new seed will be used too.

Getting information

The command opieinfo can be used to display your current sequence number and seed on bazooka.
bazooka<a98123>211: opieinfo
495 ba4827


CSIM home pageWMailAccount managementCSIM LibraryNetwork test toolsSearch CSIM directories
Contact us: Olivier Nicole CSIM    SET    AIT Last update: Jan 2006