Cover V08, I13
Article

jul99.tar


OPIE -- One-Time Passwords in Everything

Margaret Fenner

A while back, I was tasked with engineering an OPIE host, a system that would utilize one-time passwords. When starting this project, I found little documentation on the Web that discussed how to accomplish this mission with the details that I needed, so I decided to write my own. Note that I did not write OPIE, nor do I maintain the software. I merely wrote some documentation that I hope will help other systems administrators set up an OPIE host in their environment.

What is OPIE?

OPIE was originated at NRL, the Navy Research Labs. They have provided the following description of OPIE:

OPIE provides a one-time password system for POSIX-compliant UNIX-like operating systems. The system should be secure against the passive attacks now commonplace on the Internet (see RFC 1704 for more details). The system is vulnerable to active dictionary attacks, though these are not widespread at present and can be detected through proper use of system audit software. The NRL OPIE software is derived in part from and is backwards compatible with the Bell Communications Research (Bellcore) S/Key(TM) Version 1 Software Distribution. Because Bellcore claims “S/Key” as a trademark for their software, NRL has been forced to use a different name (OPIE) for its software distribution.

The current location of the OPIE distribution is:

ftp://ftp.inner.net

There are also two newsgroups that discuss OPIE information:

comp.security.unix
comp.security.misc

How to Log in to an OPIE System

1. Make sure you have an account on the OPIE system

2. Create or change your passphrase

3. Obtain the key and the seed

4. Obtain a response key generator

5. Generate a “Response”

6. Login to the system running OPIE

1. Make Sure You Have an Account on the OPIE System

Consult with the administrator of the OPIE system to ensure an account is already set up for you on this system. If so, use a secure mechanism, such as ssh, to generate your passphrase which you will need to login. If you do not have access to ssh, the administrator of this system will need to tell you your initial passphrase for this system. This is different from your password on this system. You will use the passphrase to generate the “Response” (like a password) later in the login process.

2. Create or Change your Passphrase

To create or change your passphrase, you should either go to the system console and login or use ssh to remotely login. If you use rsh, rlogin, or telnet, your passphrase will not be secure.

In the following command to change your passphrase:

$INSTALLDIR/opiepasswd -f -c

$INSTALLDIR is the full pathname of the directory in which the opiepasswd command is installed (i.e., /usr/local/bin).

The -f flag forces the change to be made if you are not logged in directly to the console. The -c flag sets the user in console mode, where the user is expected to have secure access to the system.

3. Obtain the Key and the Seed

You need the key and the seed to run a key generator program to produce the “Response” that you'll be prompted to type in. I obtained this information by telnetting to our OPIE workstation, using my normal login ID, and looking for specific output:

[peggy@localsystem] telnet opiehost
Trying 129.99.x.x...
Connected to opiehost
Escape character is '^]'.

UNIX(r) System V Release 4.0 (opiehost)

login: peggy
otp-md5 497 su9439 ext
Response:

497 is the key in this example.
su9439 is the seed in this example.
4. Obtain the Response Key Generator

Response key generators can be obtained from the OPIE ftp site: ftp.inner.net.

Response key generators:

macopie-1.1.hqx -- Macintosh OTP generator

opie.tk -- Tcl/Tk front-end to the UNIX opiekey(1) generator program

opieprint.gz -- Perl program that will generate a PostScript-printable OTP card with 100 OTPs for use on the road.

skeylx01.tar.gz -- HP 100/200 LX OTP generator winkey11.zip Windows 3.1x OTP generator

winkey32.exe -- Windows 95/NT OTP generator

pilotp10.zip -- PalmPilot OTP generator

opie-2.32.tar.gz -- Source code for all UNIX OPIE programs including opiekey(1) for generating keys

5. Generate a “Response”

The OPIE key-generating software package and commands must be installed on your local system (the system you are physically sitting in front of) before you can generate “Responses”, which are used like passwords when connecting to a system running OPIE. The command used in the following example is opiekey running on an SGI box. This command was obtained by downloading the OPIE Source code for UNIX and compiling.

When prompted for a passphrase, use the same passphrase that you have on the OPIE box. If you have never logged into the OPIE box, the administrator should be able to give you that information. Once you have logged in, it's a good idea to change your passphrase (assuming you have logged into the OPIE system either on the console or via ssh to ensure that your passphrase generation is secure).

localsystem.peggy 76> opiekey 497  su9439
Using the MD5 algorithm to compute response.
Reminder: Don't use opiekey from telnet or dial-in sessions.
Sorry, but you don't seem to be on the console or a secure terminal.
Warning: Continuing could disclose your secret pass phrase to an attacker!
Enter secret pass phrase:
Again secret pass phrase:
VAN ARTS RARE DINT COL WELD

All of the above six words are one “Response” when logging in (like one long password).

6. Login to the System Running OPIE

You now have the information you need to login to a system running OPIE. You have the key, the seed, and the “Response”.

[peggy@localsystem]  telnet opiehost
Trying 129.99.x.x...
Connected to opiehost
Escape character is '^]'.

UNIX(r) System V Release 4.0 (opiehost)

login: peggy
otp-md5 497 su9439 ext
Response: VAN ARTS RARE DINT COL WELD
Last login: Sat Sep 19 16:57:48 from localsystem

You may see the “Response” in cleartext as you type it -- this is okay.

How to Install an OPIE Server

1. The OPIE README file

2. OPIE system requirements

3. Download the software

4. Unpack the software

5. Read the OPIE INSTALL file

6. Run the configure script

7. Run make install

8. Files that were altered or replaced

9. Test your installation

1. The OPIE README File

Read the OPIE README file that comes with the distribution.

2. OPIE System Requirements

Ensure that the system you wish to install OPIE on meets the following requirements:

• A UNIX-like operating system

• An ANSI C compiler and run-time library

• POSIX.1- and X/Open XPG-compliance (including termios)

• The BSD sockets API

• Approximately five megabytes of free disk space

3. Download the Software

Download the software from ftp.inner.net. I found it in /pub/opie.

4. Unpack the Software

gunzip opie-2.32.tar.gz
tar xf opie-2.32.tar

5. Read the OPIE INSTALL README File

6. Run the Configure Script

[peggy@localhost] sh ./configure
creating cache ./config.cache
checking for gcc... gcc .. works
[ ... ]

7. Run make install

This will install the binaries (the default location is in /usr/local/bin):

[root@localhost opie-2.32]# make install
(cd libopie ; make libopie.a CFL='-O -DKEY_FILE=\"/etc/opiekeys\"')
make[1]: Entering directory `/home/peggy/Software/opie-2.32/libopie'
gcc -O -DKEY_FILE=\"/etc/opiekeys\" -I..   -c md4c.c -o md4c.o
[ ... ]

8. Files that Were Altered or Replaced

/usr/sbin:

---x------   1 root     bin         68248 Sep 21 22:06 in.ftpd

/bin:

---s--x--x   1 root     bin         36668 Sep 21 22:06 su
---s--x--x   1 root     bin         43338 Sep 21 22:06 login

/usr/local/bin:

[root@localhost bin]# ls -l
total 78
-r-xr-xr-x   1 root     bin          7779 Sep 21 22:06 opieinfo
-r-x--x--x   1 root     bin         29778 Sep 21 22:06 opiekey
-r-s--x--x   1 root     bin         38387 Sep 21 22:06 opiepasswd
lrwxrwxrwx   1 root     root           22 Sep 21 22:06 otp-md4 ->
/usr/local/bin/opiekey
lrwxrwxrwx   1 root     root           22 Sep 21 22:06 otp-md5 ->
   /usr/local/bin/opiekey

9. Test your Installation

You can test your installation by typing in login in a shell window of the system you just installed OPIE on. Type in your login id, and you should see something like this:

[peggy@localhost] login
login: peggy
otp-md5 495 lo8798 ext
Response or Password:

The next time you telnet to this system, you will see something like this. You will need to learn how to login to your OPIE system at this point.

How to Add an OPIE Account on your OPIE Server

1. How to configure an OPIE account

2. If the users do not have access to the OPIE system console

3. How to create/edit/update your passphrase

4. How to create/edit/update another user's passphrase

1. How to Configure an OPIE Account

Any account that is added to the system that has OPIE installed on it can automatically use OPIE by default. This is because the binaries su and login were replaced during the OPIE installation process.

2. If Users do not have Access to the OPIE System Console

If users do not have access to the console, they should be able to use ssh to get to the system and change their passphrases. Otherwise, the passphrase must be set by the administrator of the machine and given to users on an individual basis. The opiepasswd command needs to be compiled by the administrator of the OPIE system in the following manner if the above ssh solution is to work (be sure make clean was run first):

[root@localhost opie-2.32]# sh configure --enable-insecure-override
[...]
Making sure OPIE database file exists
Changing permissions of OPIE database file
Changing ownership of OPIE database file
Creating OPIE lock directory
mkdir: cannot make directory '/etc/opielocks': File exists
Installing manual pages
REMEMBER to run opiepasswd on your users immediately.

3. How to Create or Update your Passphrase

To create or edit your passphrase, go to the system console and login or use ssh to remotely login. If you use rsh, rlogin, or telnet, your passphrase will not be secure.

Run the following command to change your passphrase:

$INSTALLDIR/opiepasswd -f -c

$INSTALLDIR is the full pathname of the directory where the opiepasswd command is installed (i.e., /usr/local/bin).

The -f flag forces the change to be made if you are not logged in directly to the console. The -c flag sets the user in console mode, where the user is expected to have secure access to the system.

4. How to Change Another User's Passphrase

To create or change another user's passphrase, you must be root and basically follow the same steps as above -- just add the username to the end of the command:

[root@localhost bin]# ./opiepasswd -c -f opsaccount
Adding opsaccount:
Only use this method from the console; NEVER from remote. If
you are using telnet, xterm, or a dial-in, type ^C now or exit
with no password.  Then run opiepasswd without the -c
parameter.
Using MD5 to compute responses.
Enter new secret pass phrase:
Again new secret pass phrase:

ID opsaccount OTP key is 499 lo1743
AMMO WAG ROOD OLIN FLED MEAD

OPIE Commands and man Pages

The following is a list of OPIE commands; the description for each was taken from the man page for the command:

opiegen -- opiegen takes a properly formed OTP challenge from either the command line or standard input, prompts the user for a secret pass phrase, and generates an OTP response to that challenge. It is intended as an example for programmers of how to build a simple OTP generator. Users should probably use the opiekey program instead.

opieinfo -- opieinfo takes an optional user name and writes the current sequence number and seed found in the OPIE key database for either the current user or the user specified. opiekey is compatible with the keyinfo(1) program from Bellcore's S/Key Version 1 except that specification of a remote system name is not permitted.

opieinfo can be used to generate a listing of your future OPIE responses if you are going to be without an OPIE calculator and still need to log into the system. To do so, you would run something like:

   opiekey -n 42 'opieinfo'

opiekey -- opiekey takes the optional count of the number of responses to print along with a (maximum) sequence number and seed as command line args. It prompts for the user's secret pass phrase and produces an OPIE response as six words. If compiled to do so, it can prompt for the user's secret passphrase twice to help reduce errors due to typos. The second password entry can be circumvented by entering only an end of line. opiekey is compatible with the key(1) program from the Bellcore S/Key Version 1 distribution and several of its variants.

opielogin -- opielogin provides a replacement for the login(1) program that provides OPIE challenges to users and accepts OPIE responses. It is compatible with the keylogin(1) program from the Bellcore S/Key Version 1 distribution, which, in turn, is downward compatible with the login(1) program from the 4.3BSD Net/2 distribution.

opiepasswd -- opiepasswd will initialize the system information to allow one to use OPIE to login. opiepasswd is downward compatible with the keyinit(1) program from the Bellcore S/Key Version 1 distribution.

opieserv -- opieserv takes an OTP principal (e.g., a user name) from either the command line or standard input and returns a current OTP challenge for that principal. It then reads an OTP response to that challenge from standard input, displays a message, and returns a value to indicate either success (exit value = 0) or failure (exit value = 1). It is intended as an example for programmers of how to build a simple OTP server.

opiesu -- opiesu is a replacement for the su(1) program that issues OPIE challenges and uses OPIE responses. It is downward compatible with keysu(1) from the Bellcore S/Key Version 1 distribution and the su(1) program from the 4.3BSD Net/2 distribution.

Bonus Points

OPIE Passphrase Change via a Web Page

The following section details how to construct a Web page to change or create a user's passphrase via a Web page. The idea was entirely designed by Bill Fenner (fenner@parc.xerox.com).

A script will enforce the use of SSL with the Web server (or rather, it will when it's installed on a Web server that can do SSL), so the transaction from the user to the Web server is secure.

The script enforces the use of POST to submit the forms so that passwords can not show up in the logs as they might if it used GET.

It uses ssh to encrypt the transaction from the Web server to the opiehost, so the transaction from the Web server to the opiehost is secure.

It doesn't keep any state on the Web server. The script takes the username and password that the user supplied at the first step and uses that to log into the opiehost as them.

Walkthrough of changing password:

1. User submits original form with username and password via SSL POST.

2. Web server ssh's to opiehost to check the username and password, and to determine if the user has a current passphrase.

3. Web server generates a page containing the following items as hidden FORM elements:

a. The username

b. The password (encoded in hex)

c. Whether or not user has a current passphrase as well as the regular FORM elements that are asking for the old and new passphrases.

This HTML is potentially dangerous, because it contains the user's username and password in what's effectively cleartext. However, it uses the “Pragma: no-cache” header, which asks the browser not to cache the page (this means it doesn't even write it to the local disk cache). Also, browsers normally don't cache pages retrieved via SSL. This limits the scope of the danger to someone who is physically in front of the browser at the time that this page shows up and can “view source”. This implies that this person has full control of the user's system anyway, so this is a relatively minor risk.

4. User submits form with old and new passphrases

5. Web server ssh's to opiehost again to perform the password change and informs the user of the result.

If you are interested in obtaining a copy of a script written according to the above example, please send email to: peggy@nas.nasa.gov.

The Java OTP Calculator

There is a Java application available for OPIE, The Java OTP Calculator. This program automatically calculates the one time passwords for you in a Java application. It was written by Harry Mantakos, and can be found at the following URL:

http://www.cs.umd.edu/~harry/jotp/
BetterTelnet

This is a version of telnet available for Mac OS with OTP support built in. If you turn on the “Automatic OTP” option, OPIE login support becomes as easy as a traditional password login program. This is also free software available licensed under the GNU General Public license. This software can be found at the following URL:

http://www.cstone.net/~rbraun/mac/telnet/

Conclusion

People are starting to pay more attention to the security aspects of their network. OPIE can be another way for a site to tighten up their environment to help protect against such things as sniffers.

This technology should not be used to replace things such as ssh (secure shell), but if ssh is not available at a given site, OPIE can be used to minimize security incidents. One key point to keep in mind when using OPIE is that it is not 100% secure. It does not encrypt your data as it flows across the network. A cracker will still be able to monitor the current connection. It is highly important to recognize this when using OPIE, and not to do such things as change your password, or read confidential email when logging into a system via OPIE. OPIE provides a means to protect passwords to a degree by generating and enforcing one-time passwords. You use the password one time, and then throw it away; the OPIE system will not recognize it or authorize it the next time it is used.

I hope the information I've compiled on this topic helps more people make use of this technology.

About the Author

Peggy is currently the principal member of the technical staff at the Numerical Aerodynamics Simulation Facility at NASA Ames Research Center in Mountain View, California. She has spent the last 4 years there administering UNIX-based hosts, teaching classes, programming, and coordinating large projects. When not working, some of her hobbies include downhill mountain biking, skiing, rollerblading, and traveling.