Wednesday, 16 February 2011

One time passwords

Having fun with OATH/OTP devices.
Just coded it in to FireBrick!

http://www.firebrick.co.uk/fb2700/oath.php

11 comments:

  1. Any chance of supporting Google Authenticator so people don't need "yet another device" (or MyPW, or YubiKey, or Verisign VIP or Mobile-OTP)?

    ReplyDelete
  2. If it is OATH, it should work.

    ReplyDelete
  3. Tested with the iPhone OATH generator, and that is fine.

    ReplyDelete
  4. Google authenticator is OAUTH. Probably the others are too these days.

    ReplyDelete
  5. RevK: RFCs go in, C code comes out. The guy's a machine :)

    ReplyDelete
  6. talldavek, come on - that took me house yesterday afternoon to code that. Though mainly because I found a bug in another part of the system that I had to track down before I could get the data to save correctly.

    I wonder if we should make authentication server boxes, e.g. with embedded OATH stuff and RADIUS authentication server...

    ReplyDelete
  7. Thanks for the post - it prompted me to play with MOTP on my router and...well it Just Worked (TM)!

    ReplyDelete
  8. What's your iPhone OATH app of choice, out of curiosity?

    ReplyDelete
  9. I don't have an iPhone, and in fact have a proper key-ring gadget as per picture. So no real preference. I tried "OATH Token" and it worked.

    ReplyDelete
  10. Just in case anyone else is looking (took me a while to google it) the cheap OTP tokens are here: http://www.gooze.eu/otp-c200-token-time-based-h3-casing-1-unit

    ReplyDelete