[Full-Disclosure] One-Time Pad Authentication
Jonathan A. Zdziarski
jonathan at nuclearelephant.com
Mon Dec 1 03:23:08 GMT 2003
> You don't actually mean a one-time pad, do you? Sounds like you're
> referring to a one-time token authentication system, especially since you
> mention SecurID. (I mention this because a few responses are reacting to
> you mentioning an OTP, but I don't think that's what you meant.)
Actually I was interested in a pad...not a seeded authentication
mechanism. I realize there's a key distribution issue, but it's not
difficult to give out a CD with a few years worth of codes on it.
Seeded will suffice though, in lieu of rolling my own OTP.
I've been using SecurID at the companies I've worked at, so I didn't get
a chance to see what's on the open source network, but now that I'm
looking to implement this on my own systems, looks like a couple of the
tools people mentioned might work.
Jonathan
Full-Disclosure is hosted and sponsored by Secunia.