Editor's note:  These minutes have not been edited.


IETF 36 - WG on One-Time Password Authentication

Co-chairs:      Neil Haller (Bellcore)
                Ran Atkinson (cisco)

Mailing List Info:

General Interest: [email protected]
[Un]subscribe:  [email protected]
Archive:        ftp.bellcore.com:/pub/ietf-otp/archive


Reported by: Neil Haller (notes recorded by Richard Graveman)


Steve Bellovin gave a brief talk about the hacker system "Monkey",
which combines a sniffer with a dictionary attack. The message is that
OTP depends on having a well-chosen secret pass-phrase. Solutions were
left for the WG to invent. Steve pointed out that Kerberos has the same
problem. Also, active attacks and attacks on DNS are not prevented by
this technology.

RFC 1938 requires a 10-character pass-phrase. It was pointed out that
requiring additional strength checking would turn conforming generators
into non-conforming ones. One suggestion was to have generators
optionally pass a strength code to servers, which could then decide
whether the strength was acceptable to the installation.


Craig Metz, Denis Pinkas, and Phil Servita, with input from others, came
up with a joint proposal for automating the re-initialization of the
sequence of one-time passwords. Craig presented a way of adding
"extended responses" to the OTP protocol and how this could be used for
automated re-initialization. The extended responses are optional and
are of the form:

<type>:<arg1>[:...]

Examples are:

word:anne vein coke boom gut pun
hex:4d3e 81a6 ae51 7e6b

This eliminates the ambiguity between a hex response and dictionary
words made up only of the letters a-f. Eliminating this ambiguity is
required for automated initialization of the OTP sequence. A
reinitialization request would look like:

init:<old OTP>:<new params>:<new OTP>[:<check update>:<check value>]

It was agreed that, subject to changes made on the list, the proposed
addition to the OTP protocol would move towards an elective standards
track RFC. Craig agreed to post this proposal as an Internet Draft.
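As an added illustration (not code from the WG or from any OTP toolkit), the following parser handles the typed responses above and the init request, and shows the hex/word ambiguity the type prefix removes. It checks only the shape of a word response (six words of one to four letters), not membership in the RFC 1760 dictionary; the contents of <new params> are not fixed by the minutes, so they are passed through as an opaque string, and all sample inputs are constructed.

```python
import re

# A one-time password is 64 bits: 16 hex digits (whitespace between
# groups is ignored) or six dictionary words of one to four letters.
HEX16 = re.compile(r'^[0-9a-fA-F]{16}$')


def parse_extended_response(line):
    """Split a typed response '<type>:<arg1>[:...]' into (type, [args])."""
    if ':' not in line:
        raise ValueError('not an extended response: no <type> prefix')
    typ, rest = line.split(':', 1)
    return typ.strip().lower(), rest.split(':')


def hex_otp(arg):
    """Decode a 'hex:' argument to 8 bytes; digit groups may be spaced or not."""
    digits = ''.join(arg.split())
    if not HEX16.match(digits):
        raise ValueError('hex OTP must be exactly 16 hex digits')
    return bytes.fromhex(digits)


def word_otp(arg):
    """Check the shape of a 'word:' argument (dictionary lookup not done here)."""
    words = arg.split()
    if len(words) != 6 or not all(w.isalpha() and len(w) <= 4 for w in words):
        raise ValueError('word OTP must be six words of one to four letters')
    return [w.upper() for w in words]


def untyped_is_ambiguous(response):
    """True when a response with no <type> prefix parses as BOTH forms:
    six short words spelled only with a-f that also total 16 hex digits."""
    tokens = response.split()
    looks_hex = HEX16.match(''.join(tokens)) is not None
    looks_words = len(tokens) == 6 and all(t.isalpha() and len(t) <= 4 for t in tokens)
    return looks_hex and looks_words


def parse_init_request(args):
    """Fields of init:<old OTP>:<new params>:<new OTP>[:<check update>:<check value>].
    The optional check pair is present together or absent together."""
    if len(args) not in (3, 5):
        raise ValueError('init needs 3 or 5 colon-separated fields')
    req = {'old_otp': args[0], 'new_params': args[1], 'new_otp': args[2]}
    if len(args) == 5:
        req['check_update'], req['check_value'] = args[3], args[4]
    return req


def handle_response(line):
    """Dispatch on <type>; unknown types are rejected rather than guessed."""
    typ, args = parse_extended_response(line)
    if typ == 'hex':
        return ('otp', hex_otp(args[0]))
    if typ == 'word':
        return ('otp', word_otp(args[0]))
    if typ == 'init':
        return ('init', parse_init_request(args))
    raise ValueError('unknown extended response type: ' + typ)
```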


Denis Pinkas raised the problem that a server can give you someone
else's challenge and thus trick you into providing the server with the
ability to break into another system. This issue was deferred to the
mailing list.


At the next IETF meeting, San Jose in December 1996, RFC 1938 will be
eligible for advancement to Draft Standard. There was complete
agreement that interoperability demonstrations should be planned for
that meeting with the intention of advancing the OTP protocol.


Phil Servita announced that his OTP toolkit for UNIX is available at:

ftp.ftp.com:/pub/meister/otp/unix/otp.tar

It supports MD4, MD5, and SHA1, and has alternate dictionary support.
It does not yet do extended responses. A re-init scheme which is NOT
compliant with the current extended response draft is included, but
should not be used.

OTP generators for DOS, Windows, 95, and NT (with source, Borland
C++) are available at:

ftp.ftp.com:/pub/meister/otp/dosotp/
ftp.ftp.com:/pub/meister/otp/winotp/

An alpha version of the OTP toolkit which implements the extended
responses, and also provides support for the RIPEMD160 hash function
is available at:

ftp.ftp.com:/pub/meister/otp/pre-release/unix/otpalpha.tar


Documents

RFC 1760, N. Haller, February 1995
RFC 1938, N. Haller & C. Metz, May 1996