Main » 2011 » March » 16 » Authentication with onetime password
10:44
Authentication with onetime password

One of my projects required stronger security for user authentication. It was decided to use OTP (One-Time Password) technology with the eToken PASS stand-alone one-time password generator.

I placed an order with SoftKey. A few days later I received the token and the key file.

The authentication is written in PHP, because that is what the project runs on. To work with the token we need only three small functions:


public function authOTP($secret, $pass, $cnt, $window = 10)
{
    // Accept only a six-digit password; returns the matching counter, or false
    if (preg_match('/^\d{6}$/', $pass)) {
        $cnt = intval($cnt) + 1;   // start one past the last accepted counter
        $i = 0;
        while ($i < $window) {
            if ($this->hotp($secret, $cnt) === $pass) {
                return $cnt;
            }
            $cnt++;
            $i++;
        }
    }
    return false;
}

public function hmac_sha1($data, $key)
{
    // Use the built-in HMAC when available, otherwise compute it by hand (RFC 2104)
    if (function_exists('hash_hmac')) {
        return hash_hmac('sha1', $data, $key);
    }

    if (strlen($key) > 64) {
        $key = pack('H*', sha1($key));   // keys longer than the block size are hashed first
    }

    $key = str_pad($key, 64, chr(0x00));
    $ipad = str_repeat(chr(0x36), 64);
    $opad = str_repeat(chr(0x5c), 64);
    $hmac = pack('H*', sha1(($key ^ $opad) . pack('H*', sha1(($key ^ $ipad) . $data))));
    return bin2hex($hmac);
}

public function hotp($secret, $cnt, $digits = 6)
{
    $secret = pack('H*', $secret);   // the key file holds the secret as a hex string
    // HMAC-SHA1 over the 8-byte big-endian counter (RFC 4226)
    $sha1_hash = $this->hmac_sha1(pack('NN', 0, $cnt), $secret);
    // Dynamic truncation: the low nibble of the last byte selects a 4-byte window
    $dwOffset = hexdec(substr($sha1_hash, -1, 1));
    $dbc1 = hexdec(substr($sha1_hash, $dwOffset * 2, 8));
    $dbc2 = $dbc1 & 0x7fffffff;   // clear the sign bit
    $hotp = $dbc2 % pow(10, $digits);
    return sprintf('%0' . $digits . 'd', $hotp);   // keep leading zeros, e.g. "000123"
}



First we need to read the counter from the token. Press the button on the token and hold it for about 5 seconds: the display blinks "888888". Press the button 4 more times and it shows "F00055", where 55 is the counter. Each time the token generates a password, the counter is incremented.

To authenticate, pass to the authOTP function:
  • $secret - the secret key (found in the file supplied with the token);
  • $pass - the password generated by the token;
  • $cnt - the current counter;
  • $window - the look-ahead window, i.e. the range of counter values that are accepted; in our case the values from 56 to 65 are tried (the stored counter plus one, up to the stored counter plus $window). If the button on the token is pressed accidentally, its counter advances while the value in the database stays the same, and the password would never match; iterating over the possible values lets it still be accepted.
On successful authentication authOTP returns the counter value that matched; store it in the database (or elsewhere) for the next login attempt.
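The same check end to end, as an added example that is not the post's code: it is written in Python rather than PHP so the whole flow can be verified against the published RFC 4226 test vectors. It covers the HOTP computation, the look-ahead window described above, the counter update after a successful login, and rejection of a replayed or out-of-date code. The `store` dict stands in for the database row the post mentions, and the secret is the RFC 4226 test key, not a real eToken PASS secret; `hmac.compare_digest` replaces the plain `==` of the PHP version.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter, as a zero-padded string.

    HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation:
    the low nibble of the last byte selects a 4-byte window, whose top bit
    is cleared before reducing modulo 10^digits.
    """
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_hotp(secret: bytes, password: str, stored_counter: int,
                window: int = 10, digits: int = 6):
    """Mirror of the post's authOTP: try counters stored+1 .. stored+window.

    Returns the counter that produced `password`, or None. Counters at or
    below the stored value are never tried, so a code that was already
    accepted (or one an attacker captured earlier) cannot be replayed.
    """
    if len(password) != digits or not password.isdigit():
        return None
    for candidate in range(stored_counter + 1, stored_counter + window + 1):
        # constant-time compare so a near miss does not leak which digits matched
        if hmac.compare_digest(hotp(secret, candidate, digits), password):
            return candidate
    return None


def login(store: dict, user: str, secret: bytes, password: str, window: int = 10) -> bool:
    """Check the token code and, on success, persist the new counter."""
    new_counter = verify_hotp(secret, password, store[user], window)
    if new_counter is None:
        return False
    store[user] = new_counter   # the post keeps this value in the database
    return True


# Constructed data: the RFC 4226 test secret and a stand-in for the database row
RFC_SECRET = b"12345678901234567890"
HEX_SECRET = RFC_SECRET.hex()   # the hex form the PHP code unpacks with pack('H*')
store = {"alice": 0}            # counter read from the token display ("F00055" -> 55), here 0


if __name__ == "__main__":
    # RFC 4226 Appendix D vectors for counters 0..3
    for counter, expected in enumerate(["755224", "287082", "359152", "969429"]):
        assert hotp(bytes.fromhex(HEX_SECRET), counter) == expected
    assert login(store, "alice", RFC_SECRET, "359152")        # counter 2, inside the window
    assert store["alice"] == 2
    assert not login(store, "alice", RFC_SECRET, "359152")    # replay of the same code
    assert not login(store, "alice", RFC_SECRET, "287082")    # counter 1, already behind
    assert login(store, "alice", RFC_SECRET, "520489")        # counter 9: skipped codes, still in window
    assert not login(store, "alice", RFC_SECRET, "abc123")    # not six digits
    print("all checks passed, counter now", store["alice"])
```

A window of 10 means each guess has 10 chances in a million, so a deployment should also limit failed attempts per user; the window itself should be as small as the expected number of accidental button presses allows.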

Benefits of eToken PASS
  • no additional client software to install;
  • no drivers to install;
  • works without being connected to a computer, so no free USB port is needed;
  • works with any operating system;
  • works with mobile devices;
  • a one-time password is valid for a single login only, so the user need not worry about the password being intercepted or observed;
  • low price, about 800 rubles.
That's all.
Views: 572 | Added by: w1zard | Rating: 0.0/0