A One-Time Password system provides a means of secure user authentication and authorization for network-based services. It is described in RFC 2289. Over the years this RFC has been extended by a few further Requests for Comments, such as RFC 2444 (The One-Time-Password SASL Mechanism), RFC 4226 (HOTP: An HMAC-Based One-Time Password Algorithm) and RFC 6238 (TOTP: Time-Based One-Time Password Algorithm). Michael Schwartzkopff describes a TOTP implementation in his blog.
Technical specifications for network-based services like SMTP, IMAP, POP3 and LDAP require authentication mechanisms such as those provided by the Simple Authentication and Security Layer (SASL). This article discusses the use of the SASL mechanism OTP in conjunction with OPIE (One-time Passwords In Everything). In principle OPIE is a challenge-response system with MD5-hashed passwords. Based on this hashed password, a new challenge is generated for every session. The OPIE package comes with its own tools.
To initialize an OPIE account, the tool opiepasswd is required:
$ opiepasswd -n 499 userName
This will ask for a password and generate a random seed.
The command-line tool opiekey expects the hash method, sequence number and seed:
$ opiekey otp-md5 492 pi6194
This will generate a 'six word' challenge, or alternatively a hexadecimal challenge if the flag -t hex is added.
To check the sequence number and seed, the tool opieinfo reads the file /etc/opiekeys:
$ opieinfo
492 pi6194
A more convenient tool is the Android app OpieKey by Daniel Tryba.
The security of SASL OTP and OPIE is questionable today, as the plaintext file /etc/opiekeys contains the hashed password values and sequence numbers of every user, and SASL OTP only supports the MD5 and SHA1 hashing algorithms.
Although there are some clients that support SASL authentication mechanisms like DIGEST-MD5, PLAIN, LOGIN and GSSAPI for network-based services, there are no decent client tools yet that provide SASL OTP authentication. I will therefore demonstrate the appropriate procedures, just as a proof of concept.
Authentication Procedure with Postfix
To announce the list of SASL mechanisms to use, the file /etc/sasl2/smtpd.conf has to be edited (or wherever your SASL library expects the service configuration file):
# pwcheck_method: saslauthd
mech_list: plain otp
I will run OpieKey on my Android smartphone, where the app is installed. My private passphrase is stored within this application, and the hash method otp-md5 and the seed are stored as well, so all I have to do is modify the sequence number and run the calculation. The resulting challenge is a six-word string:
CASK RODE BOLT NEWT SMOG DENT
Next, a base64-encoded string of the authentication ID and authorization ID has to be created:
$ printf 'dieter\0dieter' | mmencode
ZGlldGVyAGRpZXRlcg==
and a base64-encoded string of the generated challenge:
$ printf 'CASK RODE BOLT NEWT SMOG DENT' | mmencode
Q0FTSyBST0RFIEJPTFQgTkVXVCBTTU9HIERFTlQ=
A telnet to localhost on port 25 opens a connection to the Postfix smtpd; the following shows the complete dialog with smtpd (line numbers are referenced below):
 1 $ telnet localhost 25
 2 Trying ::1...
 3 Connected to localhost.
 4 Escape character is '^]'.
 5 220 pink.avci.de ESMTP
 6 ehlo localhost
 7 250-pink.avci.de
 8 250-PIPELINING
 9 250-SIZE
10 250-ETRN
11 250-AUTH PLAIN OTP
12 250-ENHANCEDSTATUSCODES
13 250-8BITMIME
14 250 DSN
15 auth otp
16 334
17 ZGlldGVyAGRpZXRlcg==
18 334 b3RwLW1kNSA0OTIgcGk2MTk0IGV4dA==
19 Q0FTSyBST0RFIEJPTFQgTkVXVCBTTU9HIERFTlQ=
20 235 2.7.0 Authentication successful
21 quit
22 221 2.0.0 Bye
I think this smtpd procedure is quite clear.
- line 15: 'auth otp' is requested
- line 16: the answer is 334
- line 17: the base64 string containing the authID and authzID is pasted in
- line 18: the server answers 334 with a base64 string that decodes to the valid hash method, sequence number and seed (otp-md5 492 pi6194 ext)
- line 19: the generated 'six word' challenge is sent
$ mmencode -u b3RwLW1kNSA0OTIgcGk2MTk0IGV4dA==
otp-md5 492 pi6194 ext
- finally, the base64-encoded challenge is inserted
- the result is success!
I must admit, this procedure is quite cumbersome, but this is just a proof of concept.
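As an added example that is neither the author's code nor part of OPIE or Cyrus SASL, the following Python implements the otp-md5 calculation of RFC 2289 that opiekey performs, the base64 framing of the SASL OTP exchange shown in the Postfix dialog above (RFC 2444), and the server-side check that shows why /etc/opiekeys only needs to hold the previous hash. It answers in the 'hex:' form of RFC 2444 rather than the six-word form, because the six-word dictionary is omitted here; the order of the identities in the initial response (authorization ID first) follows RFC 2444, and the passphrase and seed used in the tests are the RFC 2289 Appendix C test vectors.

```python
import base64
import hashlib

def _fold_md5(data: bytes) -> bytes:
    # MD5 yields 128 bits; RFC 2289 folds them to 64 by XORing the two 8-byte halves.
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp_md5(passphrase: str, seed: str, count: int) -> bytes:
    """OTP for sequence number `count`: hash(seed + passphrase), then hash `count` more times."""
    value = _fold_md5((seed.lower() + passphrase).encode())  # the seed is case-insensitive
    for _ in range(count):
        value = _fold_md5(value)
    return value

def hex_form(otp: bytes) -> str:
    """The value `opiekey -t hex` prints, without the space grouping."""
    return otp.hex().upper()

def sasl_initial_response(authid: str, authzid: str) -> str:
    """Client's first message (line 17 of the dialog): authzid NUL authid, base64-encoded (RFC 2444)."""
    return base64.b64encode(f"{authzid}\0{authid}".encode()).decode()

def parse_challenge(challenge: str):
    """Server challenge such as 'otp-md5 492 pi6194 ext' -> (algorithm, sequence, seed, ext)."""
    parts = challenge.split()
    if len(parts) < 3:
        raise ValueError(f"malformed OTP challenge: {challenge!r}")
    return parts[0], int(parts[1]), parts[2], "ext" in parts[3:]

def client_response_text(passphrase: str, challenge: str) -> str:
    """Answer to a decoded challenge in the 'hex:' form of RFC 2444 (only otp-md5 is implemented)."""
    algo, seq, seed, _ext = parse_challenge(challenge)
    if algo != "otp-md5":
        raise ValueError(f"unsupported algorithm {algo!r}")
    return "hex:" + hex_form(otp_md5(passphrase, seed, seq))

def sasl_client_response(passphrase: str, challenge_b64: str) -> str:
    """Line 19 of the dialog: decode the 334 challenge, compute the answer, base64-encode it."""
    challenge = base64.b64decode(challenge_b64).decode()
    return base64.b64encode(client_response_text(passphrase, challenge).encode()).decode()

def server_verify(stored_otp: bytes, candidate: bytes) -> bool:
    """Server side: /etc/opiekeys holds the OTP for sequence n+1, so hashing the client's
    OTP for sequence n once must reproduce it; the passphrase itself never reaches the server."""
    return _fold_md5(candidate) == stored_otp
```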
Authentication Procedure with OpenLDAP
The authentication procedure with OpenLDAP is not as cumbersome as with Postfix. The available SASL mechanisms have to be announced in the file /etc/sasl2/slapd.conf:
mech_list: digest-md5 cram-md5 external otp
auxprop_plugin: slapd
Again I run my Android app, modify the sequence number and run the calculation, which results in a six-word challenge:
LEAN FED HOT BORE COCK SAM
To test SASL OTP I will run ldapwhoami:
$ ldapwhoami -Y OTP -U dieter -H ldapi:///
SASL/OTP authentication started
Challenge: otp-md5 491 pi6194 ext
Please enter your one-time password: LEAN FED HOT BORE COCK SAM
SASL username: dieter
SASL SSF: 0
dn:cn=dieter kluenter,ou=partner,o=avci,c=de
Although the idea of a one-time password is quite interesting, there are still some security issues: every application has to read the file /etc/opiekeys in order to get the correct sequence number and seed, and SASL OTP only supports the MD5 and SHA1 algorithms.