As old as good: One Time Passwords

Posted by – 12/09/2008

People frequently ask me what I am doing typing on my Palm right before logging in one of my remote systems. The answer is quite simple: “generating my next password”. People always seem puzzled by that answer… Maybe I am just too old to have had only telnet sessions available to remote connections (that was the time before SSH took over)… or maybe I am just too paranoid regarding the access to my systems… Anyway, I like One Time Passwords, and here is an article I can refer to when I get asked again 😉

One Time Passwords are just that: passwords that are good for one time use. They never repeat and once used you can throw it away securely. They were quite common when the authentication was done in clear text (so that any man-in-the-middle could steal your passwords), back in the r-tools age (rcp, rsh, rlogin, rexec, etc). After the SSH-related tools took over, providing easy tunneling and remote access, MITM attacks were of much concern, so OTPs became less relevant. What a shame, for they even have a couple of standards for those!

But there’s still room for OTPs… Question: Is it easier to deploy a MITM attack or a keylogger? That’s right… We are always connecting to our remote systems in public terminals (well… at least I am – right now typing from the hospital computer), and a keylogger is so easily installed in one of those terminals, even remotely, that no one would ever get close to deploy a refined MITM attack just to steal someone’s password. One would just install a keylogger! All the security SSH provides would just be gone by then. That’s why I use SSH to connect to my remote machines, but use OTPs to authenticate myself.

It’s so easy to deploy it. In Debian you’ll find packages opie-server and libpam-opie and those are the only things you’ll need on the server side (besides SSH, obviously). OPIE means “One-time Passwords In Everything”, and combined with PAM, one can really use it everywhere.

After installing it, you’ll have to generate the password file for your account:

spectra@home:~$ opiepasswd -c
Adding spectra:
Only use this method from the console; NEVER from remote. If you are using
telnet, xterm, or a dial-in, type ^C now or exit with no password.
Then run opiepasswd without the -c parameter.
Using MD5 to compute responses.
Enter new secret pass phrase:
Again new secret pass phrase:
 
ID spectra OTP key is 499 ho6484
HAVE COOK LOLA AIRY NEIL ROAM

The pass phrase will be used to generate the passwords in a step before your login. Please, try not to forget it (specially if you’re following this article and playing with some remote system at the same time). Now you can edit /etc/pam.d/ssh file (or its equivalent in non-Debian systems) to require that kind of authentication. Mine just looks like this:

# /etc/pam.d/ssh
auth       required     pam_env.so
auth       required     pam_env.so envfile=/etc/default/locale
auth       required     pam_opie.so

First two lines are unrelated and just load the environment variables. Last line is where the fun is. Please, note two things: (1) I removed references to pam_unix.so, which is what would ask for my “real” password, that I want to disable (no login is allowed with that password). And (2), I declared it as required, meaning that failing it will keep one out of the system.

We are not ready yet! SSH will work by now, but will not present you the OTP challenge. Probably you could still login, but you’d have to remember which is the current password (Trust me, you would not!). To get the challenge you’ll need to enable it – in /etc/ssh/sshd_config change the following line:

ChallengeResponseAuthentication yes

That’s it. Now to login to your remote machine, that’s what will usually happen:

spectra@hospital:~$ ssh home
otp-md5 498 ho6484 ext, Response:
spectra@home:~$

Voilà! It asks for password #498. By default, it starts with 500 passwords and goes down from that. Password #498 were asked, so the next will be #497. After that, #498 is not useable anymore, and #496 is not useable yet. You can generate a list of those passwords (let’s say 10), print it and keep it in your pocket. This is the command you’d use for that:

spectra@home:~$ opiekey -n 10 498 ho6484
Using the MD5 algorithm to compute response.
Reminder: Don't use opiekey from telnet or dial-in sessions.
Sorry, but you don't seem to be on the console or a secure terminal.
Warning: Continuing could disclose your secret pass phrase to an attacker!
Enter secret pass phrase:
489: CALM INTO WEEK APS LOON VIE
490: HASH GYM RAID GOSH HOYT DUAL
491: BELL GIN RIFT HELM GUY BUNK
492: HEBE OBOE SUP LEG LULU LANG
493: HOYT JOT ASK JOG GIBE BETH
494: NASH MOOT HIND YEAH  YAP CARL
495: MATE OF BARD LAVA LEAK AHOY
496: TAB BAG KEY GILT AVID VEAL
497: MOLE FORM NIB LEER ROSS HAVE
498: SING WERE OVEN SOD VEIN NIBS

That is not so secure, since you can loose the paper and be doomed… Luckily there are lots of small softwares that does this generation for you. Some you can use from your Palm or from some J2ME-enabled phone (such as N95). Some your can use from another (trusted) computer. Some are even online, written in javascript!

There are at least one other side-benefit of using OPIE as above: You can give away your user password (even root password – OK, probably not a Good ThingTM), that the system would still be secure, since it only allows SSH authentications via OPIE! If the session is started with a username whose opiepasswd was not activated (first step… scroll back to the beginning of the article), SSH will greet you with a bogus challenge… only “opie-activated users” will be allowed to login with the above configuration.

Easy enough, isn’t it? Now, next time you see me typing on my Palm before opening an SSH connection you’ll know what I am doing… 😉

5 Comments on As old as good: One Time Passwords

  1. spectra says:

    @Karellen: Hehehe… Bruce Schneier is almost always correct. I would not trust my own ability to keep safe a piece of paper… but that is just me.

    @martin langhoff: I would not use PAM-SOTP for several reasons: (1) the author states it’s “under early stages of development” (while OPIE is in production for much longer, and is backed by FreeBSD team (2) PAM-SOTP’s scheme is not much different or “simpler” than OPIE; (3) There are other options instead of OPIE, which are as mature (there’s a port from OpenBSD S/Key in Gentoo Portage system).

    @lala: Two-factor authentication seems very good, but, AFAIK, is just an idea and some patch for OpenSSH (which is the one I use) so far… I guess that, once OpenSSH implement it, it would be just a matter of configuration: PAM would perform its part and SSH would have to require the key. This is a much debated thing in the OpenSSH world, it seems… Some are talking about a authentication hierarchy, just as PAM has…

    Also, please note that OTPs are not a holy grail. They have limitations and possible security problems. For instance, when trying to login with a user that doesn’t exist, pam-opie would generate a bogus challenge (as I told in the article), and that changes randomly… This means one could guess which users are real (and have opie passwords activated), which are not…

  2. terceiro says:

    Raise a hand those who already asked spectra about the palm-before-ssh stuff.

    o/

    🙂

  3. lala says:

    This is all good, but what about two-factor authentication? I’d very much like to authenticate using OTP+ssh key (on a smart card, a la gpg smartcard). Any ideas?

  4. martin langhoff says:

    OPIE is useful to protect your conventional password if you are using telnet or an unknown machine as the ssh client. However, I find it really impractical.

    PAM SOTP is much much easier to use, and is a classic OTP scheme.

  5. Karellen says:

    “You can generate a list of those passwords (let’s say 10), print it and keep it in your pocket. […] That is not so secure, since you can loose the paper and be doomed.”

    Bruce Schneier disagrees. “We’re all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.”[0]

    [0] http://www.schneier.com/blog/archives/2005/06/write_down_your.html

Leave a Reply

Your email address will not be published. Required fields are marked *