|OPIE One-Time Password|
|To enhance security, one-time password system has been set up for connections from outside.|
This method is not used anymore, but you may read about it for information.OPIE
is an implementation of the One-Time Password (OTP) System that is considered for the Internet standards-track. As passwords change with each connection, a cracker cannot use a password (s)he had find out to connect again on your account.
OTP have then been enforced on CSIM networks for every telnet, ftp and pop for email connections coming from outside. In future, OTP may be enforced for inside connections as well. Standard Unix password can still be used for telnet, ftp and pop for email connections inside CSIM network.
An OTP will always be a group of six English words, for example:
FUNK TACT MEAL RUE REIN FREY
Warning: Never let the sequence number reach 0, when the sequence number gets dowen to 20, it is time to regenerate a new sequence.
The seed is a way for the system to identify a user.
For more information, see OPIE man pages on bazooka: man opie.
Before you can use OPIE, you must register to the system.
bazooka<a98123>41: opiepasswd Adding a98123: You need the response from an OTP generator. New secret pass phrase: otp-md5 499 ba1464 Response:Use a calculator with the challenge mentionned by opiepasswd (on the example 499 ba1464), to compute a response and enter it at the prompt on bazooka.
bazooka<a98123>41: opiepasswd Updating a98123: You need the response from an OTP generator. Old secret pass phrase: otp-md5 17 ba4825 ext Response:Calculate the response using the challenge 17 ba4825 and your old pass phrase, enter the calculated response.
New secret pass phrase: otp-md5 499 ba4826 Response:Calculate the new response using the new challenge 499 ba4826 and your new pass phrase. Enter the calculated response, the pass phrase is now updated :
ID on OTP key is 499 ba4826 CITY FUSE PAW SOON GOAD ROWS bazooka<a98123>42:Note that the seed has been changed too, and that the sequence number has been reset.
To generate a new sequence number use the same procedure as above for changing pass phrase.
If you use the same pass phrase for calculating both responses, only the sequence number will change.
A new seed will be used too.
The command opieinfo can be used to display your current sequence number and seed on bazooka.
bazooka<a98123>211: opieinfo 495 ba4827 bazooka<a98123>212:
bazooka<a98123>41: opiepkey 45 ba1234 Using the MD5 algorithm to compute response. Reminder: Don't use opiekey from telnet or dial-in sessions. Sorry, but you don't seem to be on the console or a secure terminal. Warning: Continuing could disclose your secret pass phrase to an attacker! Enter secret pass phrase:After you entered your pass phrase, you get the response:
FUNK TACT MEAL RUE REIN FREY bazooka<a98123>42:
|Contact us: Olivier Nicole||Last update: Jan 2006|