Full Disclosure mailing list archives

Re: One-Time Pad Authentication

From: "Jonathan A. Zdziarski" <jonathan () nuclearelephant com>
Date: Sun, 30 Nov 2003 22:23:08 -0500

You don't actually mean a one-time pad, do you?  Sounds like you're 
referring to a one-time token authentication system, especially since you 
mention SecurID.  (I mention this because a few responses are reacting to 
you mentioning an OTP, but I don't think that's what you meant.)


Actually I was interested in a pad...not a seeded authentication
mechanism.  I realize there's a key distribution issue, but it's not
difficult to give out a CD with a few years worth of codes on it.

Seeded will suffice though, in lieu of rolling my own OTP.

I've been using SecurID at the companies I've worked at, so I didn't get
a chance to see what's on the open source network, but now that I'm
looking to implement this on my own systems, looks like a couple of the
tools people mentioned might work.  

Jonathan




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

One-Time Pad Authentication Jonathan A. Zdziarski (Nov 30)
- Re: One-Time Pad Authentication Jeremiah Cornelius (Nov 30)
- Re: One-Time Pad Authentication Michael Sierchio (Nov 30)
- Re: One-Time Pad Authentication Gary E. Miller (Nov 30)
- don't waste your time (was: Re: One-Time Pad Authentication) jon schatz (Nov 30)
- Re: One-Time Pad Authentication Eric Rescorla (Nov 30)
- Re: One-Time Pad Authentication Blue Boar (Nov 30)
  - Re: One-Time Pad Authentication Jonathan A. Zdziarski (Nov 30)
- Message not available
  - Re: One-Time Pad Authentication Jonathan A. Zdziarski (Nov 30)
- Re: One-Time Pad Authentication Timothy J. Miller (Nov 30)
- Re: One-Time Pad Authentication the1 (Dec 02)
- <Possible follow-ups>
- Re: One-Time Pad Authentication otto1122 (Dec 02)