Quoting Benjamin Lutz <[email protected]> (from Thu, 12 Feb 2009 11:13:58 +0100):

Hi Alexander,

Sorry for the delay, an illness is making its rounds here and I got hit too...

On Thursday 12 February 2009 10:41:19 Alexander Leidinger wrote:
- Implement something which is similar o freeauth.org, just better
implemented and without the "not so good" stuff / design decissions.

Short: they need something you know (PIN) + something you have (e.g.
token, or mobile phone with java with some fixed key). You then enter
your arbitrary long PIN into the phone, and it will give you a time
limited key to login (so the time needs to be in sync to some extend).
On the machine you login you need the cleartext version of your PIN,
the fixed key, and ideally it saves the the PW you just used to login
to prevent a relogin with the same PW. If you've seen the remote login
tokens from RSA or similar, then you should get the idea what this is
about.

I've stumbled accross freeauth.org while researching the subject. The reason
I didn't consider it is because so far I've been just printing out my otps,
and that's no longer possible with freeauth.org. And there are situations
where I can't run a Java program on my phone, for example when I'm using
the phone as a bluetooth modem.

Nothing prevents you to write a program in C, perl, or whatever. This way you can generate the PW on the system where you use the blutooth modem (in case it is trusted).

I'm not saying that time-based pws wouldn't be nice to have, it just goes in
a different direction than OPIE, so it's not what I'm looking for at the
moment. Also, the thought of having to write programs in J2ME again
horrifies me :)

I wrote down a while ago the algorithm somewhere (based upon my own
thoughts how to do it, this was before I've seen freeauth, so it's
independent), and also thought about the bells and whistles (some
security pitfalls you need to think about). If you are interested in
implementing this (ideally with a BSD license for inclusion into the
base system)

While I most probably won't implement freeauth.org, I'd still like to see
your notes; the security pitfalls you considered are likely there for other
algorithms too.

The notes are in the direction of notifying the user if the PIN can hit non-volatile storage, or that the storage area of the PIN needs to 0ed in-place after use to prevent it to appear in (provoked) crash dumps or just plain reading from memory. There are also notes about the valid character set (there should be no NUL byte or newline, but apart from that there should be not much restrictions (depends upon the device you use to enter the PIN)), that the device which prints out the PW should also have an indication for the lifetime of the PW, that the server should save the valid PWs of the current valid timeframe to prevent multiple logins with the same PW (also serves as an indicator that someone spied out the PW in case you enter the PW correctly and the timeframe is OK too).

The algorithm itself is not 100% finished yet. The generic part is done, but I haven't finished the details (important here is the format of the date which is passed to the hash function, which hash funtion to use, how long the PW can be (truncation of the hash and the corresponding security implications... also in the light of user convenience)). If someone really wants to put some amount of time/work into this, I can put it up on the FreeBSD wiki and hand out contributor access to it, but just to satisfy the curiosity of people, I'm not interested to invest the necessary time to polish it and put it up on the wiki.

Bye,
Alexander.

--
A sect or party is an elegant incognito devised to save a man from
the vexation of thinking.
                -- Ralph Waldo Emerson, Journals, 1831

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"

Reply via email to