Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!bellcore!epic!karn From: karn@epic.bellcore.com (Phil R. Karn) Newsgroups: comp.org.eff.talk Subject: Re: stealing passwords is easy! Message-ID: <1991Jun12.194910.9095@bellcore.bellcore.com> Date: 12 Jun 91 19:49:10 GMT References: <1991Jun2.215059.22125@bellcore.bellcore.com> Sender: usenet@bellcore.bellcore.com (Poster of News) Reply-To: karn@thumper.bellcore.com Organization: Packet Communications Research Group (Bellcore) Lines: 34 In article , rogue@cellar.UUCP (Rache McGregor) writes: |> karn@epic..bellcore.com (Phil R. Karn) writes: |> [description of my MINK one-time-password scheme deleted] |> Unfortunately, such a scheme undoubtedly requires the user to keep a written |> list of passwords, the easiest bane to security that ever existed. No, it does not. "Pre-computing" a list of one-time passwords on paper is only one way MINK can be used, and it is not the one I prefer. I generally compute my one-time passwords only as I need them with a local, trusted computer. The remote system gives me the seed and the current iteration count, which I then type into my local program. The local program then prompts for my secret password and produces the current one-time password. The one-way function takes no more than a second or two to iterate 100 times, even on a slow 4.77 MHz 80C88 machine such as the Atari Portfolio, small enough to carry in your briefcase. Most of the time I just use my laptop to do the computation since I'm usually already using it as my terminal. Occasionally at a conference where public email facilities are provided (e.g., USENIX, Interop or IETF) I will pre-compute a few one-time passwords in my hotel room and write them down in my notebook in order to save lugging my laptop or Atari around. Once these passwords have been used, they're useless. If one were to be stolen before I had used it, I would quickly discover that fact the next time I attempted to log in as the system would ask me for a later one-time password than I was expecting. In the ideal case, of course, the local portion of MINK would be built into your Telnet or terminal program, making it totally automatic. The user would type his or her secret password just as though it were going across the wire, but it would be intercepted by the local program and used to generate the current one-time password. Phil