By default, FreeBSD includes support for One-time Passwords In Everything (OPIE). OPIE is designed to prevent replay attacks, in which an attacker discovers a user's password and uses it to access a system. Since a password is only used once in OPIE, a discovered password is of little use to an attacker. OPIE uses a secure hash and a challenge/response system to manage passwords. The FreeBSD implementation uses the MD5 hash by default.
OPIE uses three different types of
passwords. The first is the usual UNIX® or Kerberos password.
The second is the one-time password which is generated by
opiekey
. The third type of password is the
“secret password” which is used to generate
one-time passwords. The secret password has nothing to do with,
and should be different from, the UNIX® password.
There are two other pieces of data that are important to
OPIE. One is the “seed” or
“key”, consisting of two letters and five digits.
The other is the “iteration count”, a number
between 1 and 100. OPIE creates the one-time
password by concatenating the seed and the secret password,
applying the MD5 hash as many times as
specified by the iteration count, and turning the result into
six short English words which represent the one-time password.
The authentication system keeps track of the last one-time
password used, and the user is authenticated if the hash of the
user-provided password is equal to the previous password.
Because a one-way hash is used, it is impossible to generate
future one-time passwords if a successfully used password is
captured. The iteration count is decremented after each
successful login to keep the user and the login program in sync.
When the iteration count gets down to 1
,
OPIE must be reinitialized.
There are a few programs involved in this process. A
one-time password, or a consecutive list of one-time passwords,
is generated by passing an iteration count, a seed, and a secret
password to opiekey(1). In addition to initializing
OPIE, opiepasswd(1) is used to change
passwords, iteration counts, or seeds. The relevant credential
files in /etc/opiekeys
are examined by
opieinfo(1) which prints out the invoking user's current
iteration count and seed.
This section describes four different sorts of operations.
The first is how to set up one-time-passwords for the first time
over a secure connection. The second is how to use
opiepasswd
over an insecure connection. The
third is how to log in over an insecure connection. The fourth
is how to generate a number of keys which can be written down or
printed out to use at insecure locations.
To initialize OPIE for the first time, run this command from a secure location:
%
opiepasswd -c
[grimreaper] ~ $ opiepasswd -f -c Adding unfurl: Only use this method from the console; NEVER from remote. If you are using telnet, xterm, or a dial-in, type ^C now or exit with no password. Then run opiepasswd without the -c parameter. Using MD5 to compute responses. Enter new secret pass phrase: Again new secret pass phrase: ID unfurl OTP key is 499 to4268 MOS MALL GOAT ARM AVID COED
The -c
sets console mode which assumes
that the command is being run from a secure location, such as
a computer under the user's control or a
SSH session to a computer under the user's
control.
When prompted, enter the secret password which will be used to generate the one-time login keys. This password should be difficult to guess and should be different than the password which is associated with the user's login account. It must be between 10 and 127 characters long. Remember this password.
The ID
line lists the login name
(unfurl
), default iteration count
(499
), and default seed
(to4268
). When logging in, the system will
remember these parameters and display them, meaning that they
do not have to be memorized. The last line lists the
generated one-time password which corresponds to those
parameters and the secret password. At the next login, use
this one-time password.
To initialize or change the secret password on an
insecure system, a secure connection is needed to some place
where opiekey
can be run. This might be a
shell prompt on a trusted machine. An iteration count is
needed, where 100 is probably a good value, and the seed can
either be specified or the randomly-generated one used. On
the insecure connection, the machine being initialized, use
opiepasswd(1):
%
opiepasswd
Updating unfurl: You need the response from an OTP generator. Old secret pass phrase: otp-md5 498 to4268 ext Response: GAME GAG WELT OUT DOWN CHAT New secret pass phrase: otp-md5 499 to4269 Response: LINE PAP MILK NELL BUOY TROY ID mark OTP key is 499 gr4269 LINE PAP MILK NELL BUOY TROY
To accept the default seed, press Return. Before entering an access password, move over to the secure connection and give it the same parameters:
%
opiekey 498 to4268
Using the MD5 algorithm to compute response. Reminder: Do not use opiekey from telnet or dial-in sessions. Enter secret pass phrase: GAME GAG WELT OUT DOWN CHAT
Switch back over to the insecure connection, and copy the generated one-time password over to the relevant program.
After initializing OPIE and logging in, a prompt like this will be displayed:
%
telnet example.com
Trying 10.0.0.1... Connected to example.com Escape character is '^]'. FreeBSD/i386 (example.com) (ttypa) login:<username>
otp-md5 498 gr4269 ext Password:
The OPIE prompts provides a useful feature. If Return is pressed at the password prompt, the prompt will turn echo on and display what is typed. This can be useful when attempting to type in a password by hand from a printout.
At this point, generate the one-time password to answer this login prompt. This must be done on a trusted system where it is safe to run opiekey(1). There are versions of this command for Windows®, Mac OS® and FreeBSD. This command needs the iteration count and the seed as command line options. Use cut-and-paste from the login prompt on the machine being logged in to.
On the trusted system:
%
opiekey 498 to4268
Using the MD5 algorithm to compute response. Reminder: Do not use opiekey from telnet or dial-in sessions. Enter secret pass phrase: GAME GAG WELT OUT DOWN CHAT
Once the one-time password is generated, continue to log in.
Sometimes there is no access to a trusted machine or secure connection. In this case, it is possible to use opiekey(1) to generate a number of one-time passwords beforehand. For example:
%
opiekey -n 5 30 zz99999
Using the MD5 algorithm to compute response. Reminder: Do not use opiekey from telnet or dial-in sessions. Enter secret pass phrase:<secret password>
26: JOAN BORE FOSS DES NAY QUIT 27: LATE BIAS SLAY FOLK MUCH TRIG 28: SALT TIN ANTI LOON NEAL USE 29: RIO ODIN GO BYE FURY TIC 30: GREW JIVE SAN GIRD BOIL PHI
The -n 5
requests five keys in sequence,
and 30
specifies what the last iteration
number should be. Note that these are printed out in
reverse order of use. The really
paranoid might want to write the results down by hand;
otherwise, print the list. Each line shows both the iteration
count and the one-time password. Scratch off the passwords as
they are used.
OPIE can restrict the use of UNIX®
passwords based on the IP address of a login session. The
relevant file is /etc/opieaccess
, which
is present by default. Refer to opieaccess(5) for more
information on this file and which security considerations to
be aware of when using it.
Here is a sample opieaccess
:
permit 192.168.0.0 255.255.0.0
This line allows users whose IP source address (which is vulnerable to spoofing) matches the specified value and mask, to use UNIX® passwords at any time.
If no rules in opieaccess
are
matched, the default is to deny non-OPIE
logins.
All FreeBSD documents are available for download at http://ftp.FreeBSD.org/pub/FreeBSD/doc/
Questions that are not answered by the
documentation may be
sent to <[email protected]>.
Send questions about this document to <[email protected]>.