The U. C. Berkeley Mathematics Department will soon restrict logins from outside of its network so as to prohibit the passing of unencrypted passwords. This is to prevent an unauthorized third party from intercepting those passwords and using them to break into our system.
The preferred way to log into our system is now via the ``secure shell,'' ssh. When this is not practical, however (e.g., when suitable software is not available at the far end of the connection), we provide the alternative of using opie (``One-time Passwords In Everything''). This uses a challenge-response system, and can (with adequate preparation) be run without any special software on the far end of the connection.
This document describes how to use opie.
opie is a one-time password system. It secures your system by making playback attacks against user passwords computationally infeasible.
When you are challenged for a password by opie, the server provides you with a sequence number, n, and a seed. You enter the sequence number and seed into your opie response calculator and also enter a secret pass phrase. This secret pass phrase should not be typed over an insecure channel. If you restrict yourself to typing the secret pass phrase only on your local machine which has not been compromised by hackers, the secret pass phrase should remain secure.
The opie calculator combines the secret pass phrase with the seed and MD5-hashes the result n times, where n is the sequence number. It then provides you with an encoded version of the resulting number, which you then type in as the response to the original challenge.
The challenging system then MD5 hashes your response one more time and compares the result with the last password you provided (at sequence number n+1). If they match, then you are authenticated.
If someone can capture your secret pass phrase, they can then generate any response they need. They could do this by compromising the system you use to compute the response. If MD5 is ever broken (it is supposed to be a one-way hash), they could capture a response and generate the next one by finding something that hashes to the same value.
(The above two subsections were adapted from the MSRI opie web site.)
Opie uses its own password database separate from the password database used for normal and ssh logins. Therefore, you need to establish an opie password before using opie.
To do this, you need to connect to our opie server machine and run the program opiepasswd. Here is an example of how to do this. Things that you type (or paste from another window) are shown in bold. First, log into the host opie.math and run opiepasswd:
    pub-708c-11 99> ssh2 opie.math
    [login messages omitted]
    blue3 1> opiepasswd
    Adding gauss:
    You need the response from an OTP generator.
    New secret pass phrase:
            otp-md5 499 al9274
            Response:
As the printout indicates, you need to type not the password directly, but the response from an opie password generator. In a separate window on your local machine, run the otp-md5 program, using the arguments printed out above:
    pub-708c-11 43> otp-md5 499 al9274
    Using the MD5 algorithm to compute response.
    Reminder: Don't use opiekey from telnet or dial-in sessions.
    Enter secret pass phrase:
Now type your secret pass phrase. It must be from 10 to 127 characters long. The characters you type will not appear on the screen. In response, the otp-md5 program prints some short words: these encode the one-time response derived by hashing your pass phrase, not the pass phrase itself.
    pub-708c-11 43> otp-md5 499 al9274
    Using the MD5 algorithm to compute response.
    Reminder: Don't use opiekey from telnet or dial-in sessions.
    Enter secret pass phrase:
    LAST PLY WEAN MILK EGAN JUDE
Finally, type (or use the mouse to paste) those words as input to opiepasswd:
    pub-708c-11 99> ssh2 opie.math
    [login messages omitted]
    yuban 1> opiepasswd
    Adding gauss:
    You need the response from an OTP generator.
    New secret pass phrase:
            otp-md5 499 al9274
            Response: LAST PLY WEAN MILK EGAN JUDE

    ID gauss OTP key is 499 al9274
    LAST PLY WEAN MILK EGAN JUDE
    yuban 2>
You have now established an opie password.
Note that you run otp-md5 on your local machine (pub-708c-11 in this example), so that the password does not get passed over the net. (Opie is not aware of ssh, so it treats your ssh login session as an insecure terminal, even though it is in fact encrypted. It will not let you run otp-md5 on blue3, so you have to use the separate window.)
The procedure for logging in via opie has much in common with the procedure for establishing an opie password. The following illustrates a sample login session using opie. As before, user responses are shown in bold face type.
    hal.jupiter.mil% telnet opie.math.berkeley.edu
    Trying 128.32.183.183...
    Connected to yuban.berkeley.edu.
    Escape character is '^]'.

    SunOS 5.9

    login: gauss
    otp-md5 496 al9274 ext
    gauss's response:
Now, on the local machine, run the otp-md5 program, using the arguments printed out above:
    hal.jupiter.mil% otp-md5 496 al9274 ext
    Using the MD5 algorithm to compute response.
    Reminder: Don't use opiekey from telnet or dial-in sessions.
    Enter secret pass phrase:
Now type your secret pass phrase. The computer will respond by printing some short words: the one-time response derived by hashing your pass phrase, not the pass phrase itself.
    hal.jupiter.mil% otp-md5 496 al9274 ext
    Using the MD5 algorithm to compute response.
    Reminder: Don't use opiekey from telnet or dial-in sessions.
    Enter secret pass phrase:
    HAY WINE LIT MODE WADE EVER
Finally, type (or use the mouse to paste) those words as input to the opie host:
    hal.jupiter.mil% telnet opie.math.berkeley.edu
    Trying 128.32.183.183...
    Connected to yuban.berkeley.edu.
    Escape character is '^]'.

    SunOS 5.9

    login: gauss
    otp-md5 496 al9274 ext
    gauss's response: HAY WINE LIT MODE WADE EVER
    Last login: Wed Feb 23 12:39:07 from hal.jupiter.mil
    [Etc.]
You're in!
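The hash chain described in the overview above (pass phrase plus seed, hashed n times, checked by the server with one more hash against the stored n+1 value) and the register-then-log-in sequence shown in the two transcripts, as an added Python example that is not part of this document or of the opie software. It assumes an in-memory table in place of opie's own password file, and uses the hexadecimal response form from RFC 2289 rather than the six-word form so that no word dictionary is needed; the user name, seed and sequence numbers come from the transcripts, the pass phrase is constructed.

```python
import hashlib

def fold(digest: bytes) -> bytes:
    # RFC 2289: reduce the 16-byte MD5 digest to 8 bytes by XORing its halves
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))

def otp_step(value: bytes) -> bytes:
    # One hash step; the server applies this "one more time" to a response
    return fold(hashlib.md5(value).digest())

def otp_md5(seq: int, seed: str, passphrase: str) -> str:
    # Client side (what otp-md5 prints): seed+passphrase hashed once, then
    # the step applied seq times; RFC 2289 hex form instead of six words
    value = fold(hashlib.md5((seed.lower() + passphrase).encode()).digest())
    for _ in range(seq):
        value = otp_step(value)
    return value.hex()

class OpieServer:
    # Server side; the dict stands in for opie's own password file (assumption)
    def __init__(self):
        self.db = {}  # user -> (seq of stored response, seed, stored response)
    def opiepasswd(self, user, seed, seq, response_hex):
        # Initial setup: store the response the user computed for seq
        self.db[user] = (seq, seed, bytes.fromhex(response_hex))
    def challenge(self, user):
        # Next challenge: one below the stored sequence number, same seed
        seq, seed, _ = self.db[user]
        return seq - 1, seed
    def verify(self, user, response_hex):
        # Hash once; must equal the stored (n+1) value, which the response then replaces
        seq, seed, stored = self.db[user]
        candidate = bytes.fromhex(response_hex)
        if otp_step(candidate) != stored:
            return False
        self.db[user] = (seq - 1, seed, candidate)
        return True

def demo():
    # Constructed walk-through: register at 499 as in the transcript, log in, replay, log in
    server = OpieServer()
    passphrase = "correct horse battery staple"  # constructed, not the page's
    server.opiepasswd("gauss", "al9274", 499, otp_md5(499, "al9274", passphrase))
    seq, seed = server.challenge("gauss")
    first = otp_md5(seq, seed, passphrase)
    login1 = server.verify("gauss", first)
    replay = server.verify("gauss", first)
    seq, seed = server.challenge("gauss")
    login2 = server.verify("gauss", otp_md5(seq, seed, passphrase))
    return login1, replay, login2
```

The replayed response fails because, once accepted, it became the stored value itself and no longer hashes to it; this is what makes a captured response useless to an eavesdropper.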
It is also possible to transfer files using an opie-ized version of ftp. The methods are similar to those for telnet.
The above example assumed that the program otp-md5 was available on the machine you are logging in from. This may not always be the case. If it is not available, there are some alternatives:
    otp-md5 -n 50 498 al9274 ext

If you do this, however, you should print and delete the list as soon as possible, and treat the printed file as a sensitive document. Also, in case of loss, do not put your account name or your own name on the printout.
Some other sources of information on opie are: