"Jonathan A. Zdziarski" <[EMAIL PROTECTED]> writes: > Before I write this thing, I wanted to check and see if anyone on the > list knows if such a tool already exists in the open-source community. > I've done some google and freshmeat searches but didn't find anything > that seemed to fit the bill. The closest thing I found was E-Pad which > seems to be more related to file encryption than authentication. > > I'm interested in coding a one-time pad authentication system; similar > to SecurID or other types of token authentication only with software > tokens. The administrator would generate the one-time pads for each > user and distribute them using whatever secure method gets coded (PGP, > SSH, or whatever). > > The user then has a software token on their machine with the token code > that changes either every use, or uses some type of challenge/response > system, blah blah blah. This token is used to log into systems, > etcetera. > > I'd be interested in knowing if such an open-source tool exists, and if > not who would be interested in working on it with me (email me privately > if interested).
Yes, this exists. What you're describing was originally known a S/Key and was standardized by the IETF under the name of "One-time Password" (OTP) See http://www.ietf.org/rfc/rfc2289.txt S/Key and OTP calculators, PAM modules, etc. are fairly widely available. -Ekr _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
