[Beowulf] One time password generators...

Kilian CAVALOTTI kilian.cavalotti.work at gmail.com
Tue Mar 31 02:52:18 PDT 2009


On Wednesday 25 March 2009 14:25:30 Robert G. Brown wrote:
> in fact, to me it seems to be less
> secure, because it is at least partially keyed and there seems to be no
> point in having a key if you're going to carry a table of shared secrets
> around with you.  

Well, I think that the point of otpw is indeed to use OTPs which are made of a 
password prefix and a generated key suffix. So each time you log on, it 
requires something you know (the password), and something you have (the 
generated key on paper). 

It seems much more secure to me than say the traditional OPIE or S/KEY, as 
those only use the generated keys list to authenticate. And moreover, in those 
traditional schemes, the generated keys are deduced from each other, so that 
if you know the last one, you can basically regenerate the whole list.

Cheers,
-- 
Kilian



More information about the Beowulf mailing list