Cryptography Reference
In-Depth Information
once you've logged yourself in, and has to have superuser privileges (called
suid root).
If you can't get any of the three programs running on your system, or if your
administrator is not nice, you can write yourself a C program (or there might
already be one) that verifies one-time passwords, and is then invoked instead of
the shell. Only if the test passes does this C program invoke the right shell. The
benefit is that this program could test whether or not the login is via modem and,
if not, skip the password verification. The administrator only needs to register
this new shell for the user and won't have any other additional work. If he
doesn't even want to do this wee bit, you can invoke the program from within
.profile. Watch for potential interrupts — execute the trap command first — and
set an environment variable so that you won't end up in a continuous loop.
This could look like this for the Bourne and Korn shells:
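trap '' 1 2 3 15    # ignore HUP, INT, QUIT and TERM so the check cannot be interrupted
[ "$MY_OPIE_WAS_CALLED" ] || exec my_opie    # run the check only if it has not run yet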
...
The my_opie program assigns a value, for example 'yes', to the environment
variable MY_OPIE_WAS_CALLED and invokes the shell with a leading '-' sign
if the password verified successfully, so it becomes the login shell. More details
would go beyond the scope and volume of this topic.
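The wrapper flow described above, as an added example that is not code from the book: it ignores the same signals as the trap line, fails closed unless the one-time password verifies, sets MY_OPIE_WAS_CALLED and starts the shell with a leading '-' in argv[0]. The next-unused-entry one-time list, the sample codes and the /bin/sh path are assumptions made here; the list stands in for the real one-time password check, and a real program would keep it and its position in a file only root can read.

```c
#define _POSIX_C_SOURCE 200112L
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Next-unused-entry one-time list (assumed scheme, not taken from the page). */
struct otp_list { const char **codes; size_t count, next; };

/* Compare without an early exit so timing does not reveal a matching prefix. */
static int ct_equal(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b), i;
    unsigned char diff = (unsigned char)(la != lb);
    for (i = 0; i < la && i < lb; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Accept only the next unused code and consume it, so a replay fails. */
int otp_verify(struct otp_list *l, const char *input) {
    if (l->next >= l->count || !ct_equal(l->codes[l->next], input)) return 0;
    l->next++;
    return 1;
}

/* Build argv[0] for a login shell: "/bin/ksh" becomes "-ksh". */
int login_argv0(const char *shell, char *out, size_t n) {
    const char *base = strrchr(shell, '/');
    base = base ? base + 1 : shell;
    if (*base == '\0' || (size_t)snprintf(out, n, "-%s", base) >= n) return -1;
    return 0;
}

int main(void) {
    const char *codes[] = { "constructed-otp-1", "constructed-otp-2" }; /* sample data */
    struct otp_list list = { codes, 2, 0 };
    const char *shell = "/bin/sh";                  /* assumed path of the real shell */
    char line[128], argv0[64];
    int sigs[] = { SIGHUP, SIGINT, SIGQUIT, SIGTERM }, i;
    for (i = 0; i < 4; i++) signal(sigs[i], SIG_IGN);    /* same as trap '' 1 2 3 15 */
    fputs("One-time password: ", stderr);
    if (!fgets(line, sizeof line, stdin)) return 1;      /* fail closed on EOF */
    line[strcspn(line, "\n")] = '\0';
    if (!otp_verify(&list, line) || login_argv0(shell, argv0, sizeof argv0)) return 1;
    if (setenv("MY_OPIE_WAS_CALLED", "yes", 1)) return 1; /* stops the .profile loop */
    for (i = 0; i < 4; i++) signal(sigs[i], SIG_DFL);    /* shell must not inherit SIG_IGN */
    execl(shell, argv0, (char *)NULL);
    return 1;                                            /* exec failed: no shell */
}
```

Because the program is started with exec from .profile, every `return 1` ends the session instead of dropping back to an unverified shell.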
With this, the UNIX password will lose its significance. However, this still
doesn't provide you with secure ftp access.
Unfortunately, you will have to enter two passwords in every login from now
onwards: first the 'right' one, then the one-time password. Before going on a
trip, you may want to change your 'right' password and activate the login via
one-time password. Upon your return, you can undo everything. That's only
a makeshift solution. But you saw that one can always try to build a solution
from the tools available.
7.6 An RC5a Implementation
In closing this discussion, I will introduce the shortest program in this chapter,
namely my own implementation, rc5a, of the RC5a algorithm described in
Section 5.4.3. It is a C program about 650 lines long and primarily designed