I have a home network which I access remotely quite a bit. But I'm worried about security. While I do have strong passwords, I'm worried that someone will acquire my password and use it to gain access. I heard about "one time passwords" and even got to use them at my university. We'd just press a button on a device (or run an applicatio...
I'm trying to write an encrpytion using the OTP method. In keeping with the security theories I need the plain text documents to be stored only in memory and never ever written to a physical drive. The tmpnam command appears to be what I need, but from what I can see it saves the file on the disk and not the RAM. Using C++ is there any ...
Like the title says, I'm trying to implement the programmatic parts of RFC4226 "HOTP: An HMAC-Based One-Time Password Algorithm" in SQL. I think I've got a version that works (in that for a small test sample, it produces the same result as the Java version in the code), but it contains a nested pair of hex(unhex()) calls, which I feel ca...
Hi there, I've noticed that a lot of my Google searches took me here so i thought perhaps i could borrow your apt minds :) I'm working on a One Time Password generator for a mobile device (as well as website to log in to) as part of my third year degree dissertation. Using the org.bouncycastle.crypto.digests.MD5Digest library i am ta...
Hi there i'm looking at developing a One-time Password authentication system (j2me for phone, php for server side) I'm trying to get my head around the process, here is what i understand user > inputs random secret (S) into hash n number of times user > submits S^n to server server > saves n and S^n user > generates (S^n)-1 and submit...
As seen in RFC2289 (S/KEY), there is a list of words that must be used when converting the hexadecimal string into a readable format. How would i go about doing so? The RFC mentions: The one-time password is therefore converted to, and accepted as, a sequence of six short (1 to 4 letter) English words. Each word is chosen ...
Hi there, Im trying to create a one time password generator for a phone. In the RFC2289 it specifies that i must fold the output of the MD5, i'm using bouncy castle MD5 and i cant work out how to fold the byte array output. for (int i = 0; i < 8; i++) { md5[i] ^= md5[i+8]; } This is what i have so far ...
mod_authn_otp is an Apache web server module for two-factor authentication using one-time passwords (OTP) generated via the HOTP/OATH algorithm defined in RFC 4226. The developer's has listed only one compatible device (the Authenex's A-Key 3600) on their website. If a device is fully compliant with the standard, and it allows you to r...
I've been tasked with creating a One Time Password (OTP) system which will eventually be used to create OTP generators on mobile devices. We're looking at using HOTP (rfc 4226) using a counter, but maybe with some variations. We are not required to be OATH compliant. This is my first experience in the security/cryptographic realm, so ...
Anyone know where I could find sample code for this with system.security.cryptography namespace -- or instructions followable by a developer? The purpose is to add two-factor authentication to an asp.net website. On website I want to ask user to enter a passcode (similar to if they got it from a keyfob). On the client side I want to pro...