Since your system would only be as strong as the methiod of transporitng the key (PGP, SSH, whatever), isn't OTP a little excessive?
On Sun, 30 Nov 2003, Jonathan A. Zdziarski wrote: > Before I write this thing, I wanted to check and see if anyone on the > list knows if such a tool already exists in the open-source community. > I've done some google and freshmeat searches but didn't find anything > that seemed to fit the bill. The closest thing I found was E-Pad which > seems to be more related to file encryption than authentication. > > I'm interested in coding a one-time pad authentication system; similar > to SecurID or other types of token authentication only with software > tokens. The administrator would generate the one-time pads for each > user and distribute them using whatever secure method gets coded (PGP, > SSH, or whatever). > > The user then has a software token on their machine with the token code > that changes either every use, or uses some type of challenge/response > system, blah blah blah. This token is used to log into systems, > etcetera. > > I'd be interested in knowing if such an open-source tool exists, and if > not who would be interested in working on it with me (email me privately > if interested). > > Jonathan > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
