it is almost mandatory to use one-time passwords. The reason is that nobody knows whether the administrator of that third-party system has a replay daemon running. Furthermore, SSH won't help you much on third-party systems.
All three programs optionally use MD4 or MD5 as the one-way hash function. Even though MD4 has been inverted in a reduced form, and MD5 will probably suffer a similar fate in the near future, it is still suitable for computing one-time passwords, because the attacks on modified variants of MD5 were based on collision computations, which means that they do not put the use of digital signatures at stake.
OPIE and Logdaemon also replace the usual authentication in rlogin, ftp, and su (unlike S/Key). The latter is important for the situation described above, where you log in to your own computer from an external computer and have to act as superuser.
In practice, OPIE differs slightly from what was explained in Section 6.5. First, the entries are only 64 bits long: the right 64 bits of the 128-bit hash value are XORed with the left 64 bits. This is done for ergonomic reasons, which are explained further below, and is not likely to jeopardize security.
Second, you always begin with the start password S_0 (see Section 6.5 for notation). A local 'OPIE calculator' requests S_0 and uses it to compute, for example, S_49. The result is then entered at the password prompt; if you use OPIE in a window system, you can simply use its cut-and-paste function, otherwise the entry has to be typed by hand. The password S_0 is calculated from a sequential number (called the seed here) and a secret password that you enter when initializing the password list and which is easier to memorize than one-time passwords. Both the password and the seed are 'crunched' into S_0 by the keycrunch() function (called opiekeycrunch in OPIE terminology) via MD4 or MD5. So if you have an OPIE calculator program handy, you don't have to memorize a secret password.
Since the manual entry of numbers (including hexadecimal numbers) is inconvenient, OPIE translates the hash sum into six readable words. That's pretty easy: libopie/btoe.c contains a list of 2048 English words, each at most four letters long. Each word stands for 11 bits of information (2^11 = 2048), so six words represent 66 bits: 64 bits for the actual password and 2 bits for a checksum. All you need to do is enter a passphrase such as
GILL HUED GOES CHUM LIEU VAIN
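As an added worked example (not the book's or OPIE's own code), the following Python puts together the two mechanisms described above: the folding of the 128-bit hash to 64 bits, the chain from S_0 (seed plus secret password) to S_n as an OPIE calculator computes it, and the six-word encoding with its 2-bit checksum, plus the server-side check that the submitted S_n hashes to the stored S_{n+1}. The 2048-word list is replaced by constructed placeholder tokens (so the words differ from real OPIE output), and the checksum rule (sum of the 32 two-bit groups modulo 4) is taken from the OTP specification, RFC 2289, which the page does not spell out.

```python
import hashlib

# Constructed stand-in for the 2048-word list in libopie/btoe.c (real words omitted).
WORDS = [f"W{i:04d}" for i in range(2048)]
INDEX = {w: i for i, w in enumerate(WORDS)}

def fold(digest: bytes) -> bytes:  # 128-bit digest -> 64 bits: XOR right half into left
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:16]))

def next_otp(s: bytes) -> bytes:  # one chain step: S_{n+1} = fold(MD5(S_n))
    return fold(hashlib.md5(s).digest())

def keycrunch(seed: str, secret: str) -> bytes:
    """S_0 = fold(MD5(seed || secret)); the seed is case-insensitive, so lowercase it."""
    return fold(hashlib.md5((seed.lower() + secret).encode()).digest())

def otp(seed: str, secret: str, n: int) -> bytes:
    """S_n as an 'OPIE calculator' computes it: n chain steps starting from S_0."""
    s = keycrunch(seed, secret)
    for _ in range(n):
        s = next_otp(s)
    return s

def checksum(key: bytes) -> int:
    """Sum of the 32 two-bit groups of the 64-bit key, modulo 4 (the 2 extra bits)."""
    return sum((int.from_bytes(key, "big") >> sh) & 3 for sh in range(0, 64, 2)) & 3

def to_words(key: bytes) -> str:
    """64 key bits + 2 checksum bits = 66 bits = six 11-bit word indices, MSB first."""
    v = (int.from_bytes(key, "big") << 2) | checksum(key)
    return " ".join(WORDS[(v >> sh) & 0x7FF] for sh in range(55, -1, -11))

def from_words(phrase: str) -> bytes:
    """Inverse of to_words; rejects an unknown word or a checksum mismatch."""
    parts = phrase.upper().split()
    if len(parts) != 6 or not all(w in INDEX for w in parts):
        raise ValueError("expected six words from the word list")
    v = int("".join(f"{INDEX[w]:011b}" for w in parts), 2)  # 66 bits
    key = (v >> 2).to_bytes(8, "big")
    if (v & 3) != checksum(key):
        raise ValueError("checksum mismatch: a word was mistyped")
    return key

def server_check(response: str, stored_next: bytes) -> bool:
    """Server side: S_n is accepted iff fold(MD5(S_n)) equals the stored S_{n+1}."""
    try:
        return next_otp(from_words(response)) == stored_next
    except ValueError:
        return False
```

Any single mistyped word changes at least one key bit, which shifts the 2-bit checksum by a non-zero amount modulo 4, so the calculator side can reject typos before the server ever sees them.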
 