in reply to OTP (S/Key) implementation using just numbers

What you are describing is a challenge-response pair - for which OTP is not really suited. Consider instead the following:
  1. Hand the user a number
  2. User types in the number and his password into a program
  3. Program concatenates number and password to form a string, then hashes it (MD5 or something better)
  4. Program converts the resulting hash to decimal, and takes the lowest 'n' decimal digits to display (where 'n' is say 8-10)
  5. User hands back the decimal digits
  6. Server program does the same calculation
  7. If the numbers match, you are probably ok ;)
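
The seven steps above as a runnable sketch, added here as an example and not code from either poster. It uses HMAC-SHA-256 in place of plain concatenate-and-hash (as the "something better"); the names response_for, response_ok and new_challenge and the /dev/urandom source are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);   # core module; stands in for "something better" than MD5
use Math::BigInt;                      # core module; a 256-bit digest does not fit a native integer

# Steps 3-4: keyed hash of the challenge, read as one big decimal number,
# keeping the lowest $digits decimal digits (zero-padded to a fixed length).
sub response_for {
    my ($challenge, $password, $digits) = @_;
    my $hex = hmac_sha256_hex($challenge, $password);      # arguments are (data, key)
    my $low = Math::BigInt->new("0x$hex")
                  ->bmod(Math::BigInt->new(10)->bpow($digits))
                  ->bstr;
    return ('0' x ($digits - length $low)) . $low;
}

# Steps 6-7: the server repeats the calculation and compares without an
# early exit, so timing does not reveal how many leading digits matched.
sub response_ok {
    my ($challenge, $password, $digits, $given) = @_;
    my $want = response_for($challenge, $password, $digits);
    return 0 unless defined $given && length($given) == length($want);
    my $diff = 0;
    $diff |= ord(substr($want, $_, 1)) ^ ord(substr($given, $_, 1))
        for 0 .. length($want) - 1;
    return $diff == 0;
}

# Step 1: the challenge must be unpredictable, which rand() is not, and the
# server should accept each issued challenge only once.
# Reading /dev/urandom is an assumption (Unix-like host).
sub new_challenge {
    open(my $fh, '<:raw', '/dev/urandom') or die "urandom: $!";
    read($fh, my $buf, 4) == 4 or die "short read from /dev/urandom";
    close $fh;
    return sprintf('%08d', unpack('N', $buf) % 100_000_000);
}

my $password  = 'micz';                                   # constructed sample secret
my $challenge = new_challenge();
my $reply     = response_for($challenge, $password, 8);   # what the user's program displays
print "challenge $challenge -> response $reply\n";
print "correct reply accepted: ",
    (response_ok($challenge, $password, 8, $reply) ? "yes" : "no"), "\n";
print "wrong password accepted: ",
    (response_ok($challenge, 'guess', 8, $reply) ? "yes" : "no"), "\n";
```

Anyone who records one challenge and its response can test password guesses offline, so the password needs real entropy and the server should limit failed attempts.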

Re: Re: OTP (S/Key) implementation using just numbers
by Micz (Beadle) on Jun 19, 2001 at 20:42 UTC
    Thank you for your replies! In case somebody needs some code to get started, here's mine. Please don't scream when you see my Perl...

    regards, jan
    use Digest::MD5 qw(md5 md5_hex md5_base64);

    srand();
    $pass = "micz";

    # Challenge: four random digits; int(rand(10)) yields 0..9
    $random[0] = int(rand(10));
    $random[1] = int(rand(10));
    $random[2] = int(rand(10));
    $random[3] = int(rand(10));
    $num = $random[0].$random[1].$random[2].$random[3];

    # Hash challenge + password (md5 returns the 16 raw digest bytes)
    $concat = $num.$pass;
    $hash = md5($concat);

    # Response: the numeric values (0-255) of selected digest bytes
    $response[0] = ord(substr($hash, 2, 1));
    $response[1] = ord(substr($hash, 7, 1));
    $response[2] = ord(substr($hash, 7, 1));   # same byte as $response[1]
    $response[3] = ord(substr($hash, 9, 1));

    print "Our challenge is $random[0]-$random[1]-$random[2]-$random[3] (psst, the password is $pass) \n";
    print "The correct response is $response[0]-$response[1]-$response[2]-$response[3] \n";
    exit;