Wednesday, 16 February 2011

One time passwords

Having fun with OATH/OTP devices.
Just coded it in to FireBrick!

http://www.firebrick.co.uk/fb2700/oath.php

11 comments:

  1. Any chance of supporting Google Authenticator so people don't need "yet another device" (or MyPW, or YubiKey, or Verisign VIP or Mobile-OTP)?

    ReplyDelete
  2. Tested with the iPhone OATH generator, and that is fine.

    ReplyDelete
  3. Google authenticator is OAUTH. Probably the others are too these days.

    ReplyDelete
  4. RevK: RFCs go in, C code comes out. The guy's a machine :)

    ReplyDelete
  5. talldavek, come on - that took me house yesterday afternoon to code that. Though mainly because I found a bug in another part of the system that I had to track down before I could get the data to save correctly.

    I wonder if we should make authentication server boxes, e.g. with embedded OATH stuff and RADIUS authentication server...

    ReplyDelete
  6. Thanks for the post - it prompted me to play with MOTP on my router and...well it Just Worked (TM)!

    ReplyDelete
  7. What's your iPhone OATH app of choice, out of curiosity?

    ReplyDelete
  8. I don't have an iPhone, and in fact have a proper key-ring gadget as per picture. So no real preference. I tried "OATH Token" and it worked.

    ReplyDelete
  9. Just in case anyone else is looking (took me a while to google it) the cheap OTP tokens are here: http://www.gooze.eu/otp-c200-token-time-based-h3-casing-1-unit

    ReplyDelete