otp - Man Page

One-Time Passwords

Synopsis

package require Tcl  8.2

package require otp  ?1.0.0?

::otp::otp-md4 ?-hex? ?-words? -seed seed -count count data

::otp::otp-md5 ?-hex? ?-words? -seed seed -count count data

::otp::otp-sha1 ?-hex? ?-words? -seed seed -count count data

::otp::otp-rmd160 ?-hex? ?-words? -seed seed -count count data

Description

This package is an implementation in Tcl of the One-Time Password system as described in RFC 2289 (1). This system uses message-digest algorithms to sequentially hash a passphrase to create single-use passwords. The resulting data is then provided to the user as either hexadecimal digits or encoded using a dictionary of 2048 words. This system is used by OpenBSD for secure login and can be used as a SASL mechanism for authenticating users.

In this implementation we provide support for four algorithms that are included in the tcllib distribution: MD5 (2), MD4 (3), RIPE-MD160 (4) and SHA-1 (5).

Commands

::otp::otp-md4 ?-hex? ?-words? -seed seed -count count data

::otp::otp-md5 ?-hex? ?-words? -seed seed -count count data

::otp::otp-sha1 ?-hex? ?-words? -seed seed -count count data

::otp::otp-rmd160 ?-hex? ?-words? -seed seed -count count data

Examples

% otp::otp-md5 -count 99 -seed host67821 "My Secret Pass Phrase"
(binary gibberish)
% otp::otp-md5 -words -count 99 -seed host67821 "My Secret Pass Phrase"
SOON ARAB BURG LIMB FILE WAD
% otp::otp-md5 -hex -count 99 -seed host67821 "My Secret Pass Phrase"
e249b58257c80087

References

[1]

Haller, N. et al., "A One-Time Password System", RFC 2289, February 1998. http://www.rfc-editor.org/rfc/rfc2289.txt

[2]

Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, MIT and RSA Data Security, Inc, April 1992. (http://www.rfc-editor.org/rfc/rfc1321.txt)

[3]

Rivest, R., "The MD4 Message Digest Algorithm", RFC 1320, MIT, April 1992. (http://www.rfc-editor.org/rfc/rfc1320.txt)

[4]

H. Dobbertin, A. Bosselaers, B. Preneel, "RIPEMD-160, a strengthened version of RIPEMD" http://www.esat.kuleuven.ac.be/~cosicart/pdf/AB-9601/AB-9601.pdf

[5]

"Secure Hash Standard", National Institute of Standards and Technology, U.S. Department Of Commerce, April 1995. (http://www.itl.nist.gov/fipspubs/fip180-1.htm)

Bugs, Ideas, Feedback

This document, and the package it describes, will undoubtedly contain bugs and other problems. Please report such in the category otp of the Tcllib Trackers [http://core.tcl.tk/tcllib/reportlist]. Please also report any ideas for enhancements you may have for either package and/or documentation.

When proposing code changes, please provide unified diffs, i.e the output of diff -u.

Note further that attachments are strongly preferred over inlined patches. Attachments can be made by going to the Edit form of the ticket immediately after its creation, and then using the left-most button in the secondary navigation bar.

See Also

SASL, md4, md5, ripemd160, sha1

Keywords

hashing, message-digest, password, rfc 2289, security

Category

Hashes, checksums, and encryption

Info

1.0.0 tcllib RFC 2289 A One-Time Password System