OPIE considered insecure

[Benjamin Lutz]

Hi Alexander,

On Thursday 12 February 2009 10:41:19 Alexander Leidinger wrote:
> - Implement something which is similar o freeauth.org, just better
> implemented and without the "not so good" stuff / design decissions.
>
> Short: they need something you know (PIN) + something you have (e.g.
> token, or mobile phone with java with some fixed key). You then enter
> your arbitrary long PIN into the phone, and it will give you a time
> limited key to login (so the time needs to be in sync to some extend).
> On the machine you login you need the cleartext version of your PIN,
> the fixed key, and ideally it saves the the PW you just used to login
> to prevent a relogin with the same PW. If you've seen the remote login
> tokens from RSA or similar, then you should get the idea what this is
> about.

I've stumbled accross freeauth.org while researching the subject. The reason 
I didn't consider it is because so far I've been just printing out my otps, 
and that's no longer possible with freeauth.org. And there are situations 
where I can't run a Java program on my phone, for example when I'm using 
the phone as a bluetooth modem.

I'm not saying that time-based pws wouldn't be nice to have, it just goes in 
a different direction than OPIE, so it's not what I'm looking for at the 
moment. Also, the thought of having to write programs in J2ME again 
horrifies me :)

> I wrote down a while ago the algorithm somewhere (based upon my own
> thoughts how to do it, this was before I've seen freeauth, so it's
> independent), and also thought about the bells and whistles (some
> security pitfalls you need to think about). If you are interested in
> implementing this (ideally with a BSD license for inclusion into the
> base system)

While I most probably won't implement freeauth.org, I'd still like to see 
your notes; the security pitfalls you considered are likely there for other 
algorithms too.

Cheers
Benjamin