Secure authentication with one-time passwords
Whispered Once
A one-time password won't compromise security if it falls in the wrong hands. OPIE and OTPW bring the safety of one-time password security to Linux.
Despite the biometrics boom, passwords are still the most popular means of authentication. In hostile environments, rogue users try to sniff or log password entries. You can foil these attempts by using one-time passwords. A one-time password becomes obsolete after it is used.
Even if an attacker were to sniff the password en route to the authentication server, the password would be useless.For a one-time password to work, the client must have some means for determining what password to use, and the server must know what password to expect.
Techniques
Security experts have developed several techniques for generating one-time passwords. Some methods base a new password on a mathematical manipulation of the previous password – or on a mathematical manipulation of the current time. Another technique known as challenge-response starts with the server sending a random number to the client. The client then calculates a response using a process that is known to both parties.
Of course, an attacker who sniffs a couple of these challenges and responses could theoretically uncover the method. This crypto-analysis technique, which is often called known plaintext, has been described in several scientific publications. But if both partners apply a hash function after calculating the response, a sniffer will find it far more difficult to uncover the original value. The result looks very much like a random number.
These kinds of calculations are difficult to do in your head, so users often employ an electronic device called a token, which looks something like a pocket calculator. Figures 1 and 2 show examples of some popular tokens. Another option is to set up a mobile phone or PDA with the necessary software to act as a hardware-based token.
Software-Based Solutions
Of course, tokens are relatively expensive; also, the technology is often patented, or else the internal mechanisms are not fully disclosed as a security measure. If you prefer to avoid the effort and expense of a hardware token, you can also use a software-only solution.
Software-based one-time password systems have been around for several years are are even enshrined in a number of Internet RFCs. The S/Key system, which was developed in 1995 by Bellcore, is defined in RFC 1760. S/Key originally relied on MD4 encryption. Its successor, OTP, which is specified in RFC 2289, can also use MD5 and SHA hashes.
Understanding S/Key and OTP
A one-time password system consists of a server and a generator. Users are required to authenticate against the server, and the generator calculates the one-time password for this purpose. The mathematical underpinnings are provided by hash functions or irreversible algorithms: S/Key uses MD4, and OTP uses MD4, MD5, and SHA. The algorithm ensures that an attacker cannot deduce the next password just by gaining knowledge of its predecessor.
Users need to initialize the OTP system on the server side by choosing a password. The server appends a random, or user-defined, seed to the password string (Figure 3) and hashes the resulting string n times to generate the first one-time password. Finally, the server stores the username, the seed, the figure n, and the OTP.
A user wanting to authenticate against the server is sent a challenge including the seed and the figure n-1 (Figure 4). The local generator helps the user calculate a one-time password. This calculation is basically the same as the server-side initialization phase, the difference being that the hash is only run n-1 times.
The user sends the results to the server, which then hashes the incoming string once more and compares the results with the one-time password it has stored. If the two hashes match, everything is okay; the server stores the OTP passed in to it, instead of the original OTP, and decrements n by one.
OTP-managed passwords are 64-bit values from a technical point of view, however, users can enter them in the form of short words. A program would convert an entry such as TUSK JOIN ROBE HUNK HAVE CARL to the internal bit representation.
With OTP providing the cryptographic underpinnings, it is just a question of integrating this framework with the various authentication programs on Linux. These programs include login and sudo, session managers such as xdm, kdm, and gdm, or external services such as the SSH daemon or FTP servers. Linux uses Pluggable Authentication Modules (PAM, [5]) to provide a standardized interface.
If you use one-time passwords to authenticate, you need to add a line to the auth section of your PAM configuration. The required control flag depends on the configuration of your auth stack and the desired system behavior.
Universal OPIE
A pair of open source projects known as OPIE [3] and OTPW [4] provide one-time password tools for Linux. The leading OTP software implementation on Linux comes courtesy of the OPIE project (One-Time Passwords in Everything).
OPIE is easily installed from the packages that exist for many distributions, and easily built from the sources. The installation adds OTP-capable programs for login, su, and ftpd, as well as the pam_opie.so library, a number of tools, and the /etc/opiekeys configuration.
The first step is to initialize the OTP system (see Listing 1). Users handle this step themselves by logging on to the system and executing the opiepasswd command (Line 1). The results might be confusing at first glance (Line 3); by default, the tool assumes that the user is not logged on locally at the console.
Listing 1
Initializing OPIE
Because network traffic is often sniffable and insecure, opiepasswd expects an OTP. To avoid a chicken and egg problem, users must declare (by setting the -c option) that they are working at the secure console (see Line 8 in Listing 1).
If the command catches the user lying, it will refuse to cooperate. Users who take security seriously should avoid the -f option (Line 17), which ignores the subsequent warning.
The process is user-specific; in other words, any user wanting to work with one-time passwords needs to run the command individually.
After completing the initialization, a user entry is added to the /etc/opiekeys file. This file also contains the seed (te5843 in this case), the hash (6f1dba738c197a64), the newly-generated one-time password, and the sequence number (499 in this example – Lines 31 and 32).
To generate valid one-time passwords later, users need their own password, the seed, and the sequence number. There is no need to memorize all this – with the exception of the user password. The other two credentials are provided and displayed by the server.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Gnome Fans Everywhere Rejoice for the Latest Release
Gnome 47.2 is now available for general use but don't expect much in the way of newness, as this is all about improvements and bug fixes.
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
-
Linux Sees Massive Performance Increase from a Single Line of Code
With one line of code, Intel was able to increase the performance of the Linux kernel by 4,000 percent.
-
Fedora KDE Approved as an Official Spin
If you prefer the Plasma desktop environment and the Fedora distribution, you're in luck because there's now an official spin that is listed on the same level as the Fedora Workstation edition.
-
New Steam Client Ups the Ante for Linux
The latest release from Steam has some pretty cool tricks up its sleeve.