Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: One-Time Pad Authentication

From: the1 () unixclan net
Date: Mon, 1 Dec 2003 16:23:42 -0800 (PST)
Since your system would only be as strong as the methiod of transporitng
the key (PGP, SSH, whatever), isn't OTP a little excessive?


On Sun, 30 Nov 2003, Jonathan A. Zdziarski wrote:


Before I write this thing, I wanted to check and see if anyone on the
list knows if such a tool already exists in the open-source community.
I've done some google and freshmeat searches but didn't find anything
that seemed to fit the bill.  The closest thing I found was E-Pad which
seems to be more related to file encryption than authentication.

I'm interested in coding a one-time pad authentication system; similar
to SecurID or other types of token authentication only with software
tokens.  The administrator would generate the one-time pads for each
user and distribute them using whatever secure method gets coded (PGP,
SSH, or whatever).

The user then has a software token on their machine with the token code
that changes either every use, or uses some type of challenge/response
system, blah blah blah.  This token is used to log into systems,
etcetera.

I'd be interested in knowing if such an open-source tool exists, and if
not who would be interested in working on it with me (email me privately
if interested).

Jonathan



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: