To enhance security, one-time password system has been set up for connections from outside.

This method is not used anymore, but you may read about it for information.

OTP have then been enforced on CSIM networks for every telnet, ftp and pop for email connections coming from outside. In future, OTP may be enforced for inside connections as well. Standard Unix password can still be used for telnet, ftp and pop for email connections inside CSIM network.

An OTP will always be a group of six English words, for example:

FUNK TACT MEAL RUE REIN FREY

Terms

User ID

is your loggin name used to connect on Unix machines, for example students' user ID look like: a98345.

Sequence number

is a counter that is maintained by the system. Each time you make a connection, the counter is decresead by one.

Warning: Never let the sequence number reach 0, when the sequence number gets dowen to 20, it is time to regenerate a new sequence.

Seed

is a piece of identifier that is generated by the system. The seed is always two letters and four numbers, for example: ba1234.

The seed is a way for the system to identify a user.

Pass phrase

is a secret phrase. It should be at least 15 characters long and at most 127. It can be a full sentence:
The big bad dog is back

Challenge

is the combination of a sequence number and a seed.

Response

is a group of six words, calculates from the challenge and your pass phrase. The response is used as one-time password.

Calculator

is a piece of software used to calculate a response using a challenge and your pass phrase.

Hash identifier

OPIE can use various algorithm to calculate the response. The default algorithm is MD5 and should be used.

Initialisation

1. From any workstation or PC on CSIM network, connect to bazooka.

2. Run opiepasswd:

   bazooka<a98123>41: opiepasswd
   Adding a98123:
   You need the response from an OTP generator.
   New secret pass phrase:
           otp-md5 499 ba1464
           Response: 
   

   Use a calculator with the challenge mentionned by opiepasswd (on the example 499 ba1464), to compute a response and enter it at the prompt on bazooka.

Changing your pass phrase

1. From any work station or PC on CSIM network, connect to bazooka.

2. Run opiepasswd:

   bazooka<a98123>41: opiepasswd
   Updating a98123:
   You need the response from an OTP generator.
   Old secret pass phrase:
           otp-md5 17 ba4825 ext
           Response: 
   

   Calculate the response using the challenge 17 ba4825 and your old pass phrase, enter the calculated response.

3. You are then prompted for a second challenge with a new pass phrase:

   New secret pass phrase:
           otp-md5 499 ba4826
           Response: 
   

   Calculate the new response using the new challenge 499 ba4826 and your new pass phrase. Enter the calculated response, the pass phrase is now updated :

   ID on OTP key is 499 ba4826
   CITY FUSE PAW SOON GOAD ROWS
   bazooka<a98123>42:
   

   Note that the seed has been changed too, and that the sequence number has been reset.

Generating a new sequence number

If you use the same pass phrase for calculating both responses, only the sequence number will change.

A new seed will be used too.

Getting information

bazooka<a98123>211: opieinfo
495 ba4827
bazooka<a98123>212: 

Calculators

• On bazooka, use the command opiekey and the challenge you want to calculate:

  bazooka<a98123>41: opiepkey 45 ba1234
  Using the MD5 algorithm to compute response.
  Reminder: Don't use opiekey from telnet or dial-in sessions.
  Sorry, but you don't seem to be on the console or a secure terminal.
  Warning: Continuing could disclose your secret pass phrase to an attacker!
  Enter secret pass phrase: 
  

  After you entered your pass phrase, you get the response:

  FUNK TACT MEAL RUE REIN FREY
  bazooka<a98123>42:
  

• Calculator on PC. You can download and install a calculator for Win95. It will allow you to calculate responses on your PC.

Contact us: Olivier Nicole

Last update: Jan 2006