[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

One-Time passwords..



[ Please Note:  I'm not really this paranoid, but this will be
  a learning experience for me... plus it can never hurt ]

Okay, here is the deal.  I try to use SSH as often as possible. 
Unfortunately, there are times when I have to use non-encrypted
telnet.  

I also have a direct connection between my 2 machines and I can
use normal telnet then without worry of sniffing.  So here is
my situtation:

1)  Password can't be sniffed:
   a) SSH
   b) telnet from my workstation

2)  Password can be sniffed:
   FTP, telnet from anywhere else...

So, I would like to have 2 passwords.  One for each of the 2 
situations above.  That would be my first priority.

Now, I would also like to use a one-time password scheme for 
situtation #2 above.  I would like to do something like this:

> telnet kaybee.org
> 
> Welcome to kaybee.org
>
> login:  kirk
> Password:  XXXXXX
> Enter One-Time Password:  XXXXXX

So, I would need a normal password (different than the
password I would use in situation #1 above) as well as a
one-time password.  The one-time password scheme I would like
to use would be a pregenerated list that both I and the server
has a copy of.  This way, if somebody sniffs the password, then
they don't have the list.  If somebody steals my list, then they
don't have the password.  The only way to get in would be to sniff
my password *and* steal my list...

How hard is all of this?  I know that PAM makes it *WAY* easier
than it would have been without it!

Any pointers would be appreciated...

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Kirk Bauer -- Georgia Tech -- kirk@kaybee.org <== Finger for PGP
   http://www.kaybee.org/~kirk/html        ResNet RTA



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []