digg

Facebook Connect Join Digg About

One-time Passwords In Everything

freebsd.org Nice how-to on implementing One Time Passwords with OPIE in *nix.

Who dugg this? Made popular Aug 21, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

12 Comments

show profanity settings
expand all
  • TheAttacks, on 10/12/2007, -3/+5Wouldn't this only apply to BSD (judging a book by it's URL here)?
  • emFi, on 10/12/2007, -0/+2OPIE - if it's similar to skey, which is what I set up on my OpenBSD box - is more secure than normal challenge-response systems because you can use it from an untrusted computer. For example, if I'm in the school computer lab where anyone could have stuck in a hardware keystroke logger, using a one-time-password protects my real password. An eavesdropper might gain session information, but wouldn't be able to gain access to my machine themselves.
  • monergism, on 10/12/2007, -0/+1If you have to ask about being root at all times, you don't understand administration or security.

    I recommend a unix system administration book that may help you in understanding your question.
  • motionblur, on 10/12/2007, -0/+1The 4th and 5th episodes of the Security Now podcast discuss some excellent methods for good password creation:

    http://www.grc.com/SecurityNow.htm
  • ekrub, on 10/12/2007, -0/+1Are we digging man pages now? ;)

    Better update wikipedia...it says that OPIE isn't active.
    http://en.wikipedia.org/wiki/OPIE_Authentication_System

    bury
  • renzodesign, on 10/12/2007, -0/+1Thats what the first line says :D
    it's all good :D
    my freebsd is gathering dust :(
  • inactive, on 10/12/2007, -1/+1i dont see much reason for this. by storing your pass wouldnt that not be so secure? why not just be "root" at all times?
  • bjnord, on 10/12/2007, -0/+0No; any OpenSSH can do it. I have it running on my Fedora Core 3 box; a simple change to the SRPM SPEC file and a rebuild/update of the RPM.
  • inactive, on 10/12/2007, -0/+0LOL although it's interesting and FreeBSD is my favorite OS (PC-BSD), I don't know why digging a handbook chapter rather than another one... The FreeBSD handbook was a decisive factor before defining FreeBSD as my OS of choice. Let's digg other chapters :)
  • sk545, on 10/12/2007, -1/+1so, is there one called ANTHONY too?
  • Electrawn, on 10/12/2007, -0/+0Not actively maintained isn't a bad thing, product appears mature. So wikipedia updated to give a balanced POV. :)
  • JoshD, on 10/12/2007, -0/+0Ok. Honestly, this is not really more secure than challenge-response authentication. With OPIE, the original vectors are stored on the original machine; get access to the machine and you can get access to the vectors. CRAM is the same way; as long as the original password is secure, this doesn't buy you anything new.. Except, oh, yeah, Challenge-Response authentication can be used for more than 100 iterations. My two cents.

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.