What is OTP?
A one-time password (OTP) is a password that is only valid for a single login session or transaction. Using a multi-factor authentication with OTPs reduces the risks associated with logging into your system from insecure (eg. keylogged) workstations.
What is the OTPasswd?
OTPasswd is a free software implementation of a one-time password authentication scheme, which can be used on any POSIX system which uses PAM (Pluggable Authentication Modules) for authentication. OTPasswd was succesfully configured on Debian, Ubuntu, ArchLinux, Gentoo and FreeBSD. It was tested with SSH, console 'su' and with xscreensaver.
OTPasswd is written in C (C99) and implements an OTP system as described by Steve Gibson's "Perfect Paper Passwords v3.1" specification. An excellent description may be found at: www.grc.com/ppp.htm.
Why should I use OTPasswd?
I use it myself for following reasons:
- I often connect to my servers over SSH from insecure stations (think: university, widely-accessible Windows XP boxes). There are tons of malware there and each time I entered my password I was later wondering if somebody isn't right now logged into machine where I keep all my data.
- OTPasswd is simple to use. You don't need any external hardware which you'd have to connect to boxes to log. You just need a printed passcard or - with configured out-of-band channel - just a mobile phone or pager.
- OTPasswd in opposite to currently widely used OTP systems (OPIE) uses secure ciphers (AES and SHA256) instead of MD5.
You might have other reasons too. Screensaver sending you one-time codes to your mobile might be an overkill thought.
- System-wide policy regarding OTP use. Admin can enforce on users any OTP settings (passcode length, alphabet), can deny them some actions (viewing their key, removing/regenerating/generating key, displaying passcodes, ...), configure PAM in detail (number of passcode retries, etc.)
- Many user definable options: 5 built-in alphabets, ability to define one custom alphabet, selectable passcode length (from 2 to 16), passcard label, etc.
- SMS/Mail/pigeon out-of-band channel for transporting passcodes during authentication (using some simple gate, like a bash script). OOB can be automatically sent or requested by entering '.' at passcode prompt. Admin can set minimal time which must pass between two uses of OOB channel.
- Static password which can protect OOB channel or whole authentication.
- Passcard printing in plain ASCII or in LaTeX (6 passcards / A4)
- Other: scripted authentication on the console, can print the user wide range of OTP warnings regarding failures or his passcards, passcode skipping.
- Compatible with Perfect Paper Passwords version 3 if salting is disabled during key creation. With salt enabled a known-plain-text attacks on AES cypher (which are pretty impossible currently) are made even more impossible (as plain-text is no longer known for attacker) and increases KEY length from 256 bits to 352 bits which makes impossible brute-force attacks even more impossible.
- User interface written using gettext and can be translated to other languages. Currently only English and Polish languages are supported. Any help in this area is welcomed.
- Secure locking of state files to resolve race conditions.
OTPasswd is in development. It already implements all of the major functions required to do the paper-based authentication as well as authentication with the out-of-band channel like SMS. It was written with security in mind from it's beginnings and I've used it already in my production environments. Still I believe that OTPasswd needs further tests to be able to call it 'Stable'.
Feel free to use it and to contact with author in case of any problems or ambiguities.