Groups | Search | Server Info | Keyboard shortcuts | Login | Register

Groups > comp.lang.java.security > #164

Re: OTP one time password

From "Wojtek" <wojtek@THRWHITE.remove-dii-this>
Subject Re: OTP one time password
Message-ID <mn.41a87d898c2cdc5c.70216@a.com> (permalink)
Newsgroups comp.lang.java.security
References <m9o0c45rgjlkiohgov9dsdqo4o5s8r1878@4ax.com>
Date 2011-04-27 16:08 +0000
Organization TDS.net

Show all headers | View raw

  To: comp.lang.java.security
Roedy Green wrote :
> I am curious about OTP fobs.  My sister said they use them at work.
> She said she has to key a number that displays on the fob.  This
> strikes me an unnecessary and just a source of error. Surely the fob
> could insert the password, but then why bother with the display?
>
> Is there some reason for keying it?  It is just lazy software writing?

You are thinking of USB?

I can think of some reasons.

Legacy - When these were invented, USB did not exist. And it would be 
really awkward to plug the FOB into a serial port.

If the s/w is on a USB key, then someone could potentially copy the s/w 
without your knowledge. This would create secret duplicate key FOB.

If I remember right, the FOBs do not have a replaceble battery. The 
entire thing is sealed to prevent possible intrusions.

A USB key would need an app on the user's computer to be able to read 
the FOB. With a value you key in, any machine with a Web browser could 
be used.

> I understand it works by having a clock synched with the server to
> change passwords every 30 seconds or so.

Yes that is how it works. And the server also allows the previous/next 
password within a short window, in case the roll over is not exactly 
synched.

-- 
Wojtek :-)

---
 * Synchronet * The Whitehouse BBS --- whitehouse.hulds.com --- check it out free usenet!
--- Synchronet 3.15a-Win32 NewsLink 1.92
Time Warp of the Future BBS - telnet://time.synchro.net:24

Back to comp.lang.java.security | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

OTP one time password "Roedy Green" <roedy.green@THRWHITE.remove-dii-this> - 2011-04-27 16:08 +0000
  Re: OTP one time password "Wojtek" <wojtek@THRWHITE.remove-dii-this> - 2011-04-27 16:08 +0000
    Re: OTP one time password "David Kerber" <david.kerber@THRWHITE.remove-dii-this> - 2011-04-27 16:08 +0000

csiph-web