One-time password
A one-time password or one-time password is a password for authentication or authorization. Each time password is only valid for a single use and can not be used a second time. Accordingly, any authentication or authorization requires a new one-time password. It is secure against passive attacks, ie monitoring. Also, replay attacks are impossible. Against the Man in the Middle attack scenario does not help one-time passwords. The use of one-time passwords does not affect the security of an encryption method.
The often-used abbreviation " OTP " stands for English, " One-Time- Password", which is the direct translation of " One Time Password ". However, there is a risk of confusion with the encryption process one- time pad, since both are abbreviated as " OTP ".
The challenge in the one-time password is how both sides can know what password for a specific login procedure is valid. There are also two possibilities: password lists or password generators.
- 2.2.1 Initialization
- 2.2.2 Calculation of the One-Time- Passwords
- 2.2.3 Verification of the OTP to the server
- 2.2.4 reinitialization
- 2.2.5 safety
Password lists
Ready-made lists of passwords are stored on both sides in this system. This list is either sequentially processed ( ie: the entries are numbered ) or it is simply a not yet used value randomly selected. This value is passed as the password and painted on both sides from the list. The TAN list for online banking are an example of a password list.
The differences between the said variants: In -time passwords, which are in succession, thus sequentially used, there is at any time exactly one valid value, namely, the first unused. In time passwords, which can be arbitrarily selected from a list by the sender, there are at any given time as many valid entries as there are unused values on the list.
A disadvantage is a possible "loss" of this list. An attacker (eg when a system break-in), this list falls into the hand so knows all the possible one-time passwords. A system which does not have to completely store the list is therefore preferable to this method.
Password generators
A password generator is a tool that automatically generates a password.
Method
The password generators each have a current password is generated by a special algorithm at any time. Three methods have to be distinguished:
In all three, it is not, the algorithm itself is transmitted, but only the proof the result of the algorithm. With the right result, according to the client that it has the correct algorithm and, if necessary, the correct initialization.
Timed
Although the server each, the same calculation as the client is running ( the security token ), it will accept and generally calculated within a tolerance range several one-time passwords, possibly because the token the built-in clock is not one hundred percent accurate. However, each time password has a well-defined time interval for its validity, which usually between 1 to max. Located 15 minutes.
Here an example of a token, which changes its one-time password every minute. However, the one-time password is only valid at time t, but is on the server side because of tolerance and at the time t - 1 min and t 1 min and thus takes three minutes. Good practices are synchronized based on the incoming data to the client. For longer breaks between applications but can also fail this.
When using a single token in several independent bodies would be open at a time password of eavesdropping at one point a security risk to other locations within the tolerance range.
A widespread implementation of a timed One- Time-Password ( OTP) is the Google Authenticator implements an algorithm, which is also known as time-based OTP ( TOTP ).
Event driven
Also in the event-driven process, the server performs as when scheduling the same calculation, which took place on the client side, and also calculated here and he accepted in a tolerance range several one-time passwords, except already used. The reason is that the owners sometimes could not use a generated password. This process is much gentler on the batteries of a corresponding device (token). It is also possible to operate it without any permanent power supply, simply by the last used and thus already depreciated value is stored.
When using a single token in several independent bodies, all bodies must be informed promptly of any use in any event.
Challenge-response controlled
Synchronization problems do not exist in the event of a challenge-response process. In this method, the server returns with a task (challenge ), must answer the client (response). Thus, the client is given a value of the server as input and calculated based on a one-time password.
The advantage of this method is that the challenge can be made completely independent. Exists on the server side is no algorithm which can be calculated in advance, then there is no way to calculate a response in advance on the client side or cracker. Thus the use of a single algorithm in a plurality of independent sources is possible, the safety is not thereby reduced. There are solutions that calculate with a device (token) for the response. In this case also, the technique described below are used, with the initial value as a challenge.
Technique used in most generators
Typical examples of the most commonly used methods are the one hand, the so-called tokens, for example, RSA Security, ID Control, Vasco, Kobil and other manufacturers, on the other hand, some implementations of the one-time password by Lamport ( also referred to as Lamport hash ), the algorithm essentially based on the repeated application of a hash function.
Is a prerequisite for the One - Time-Password process that both parties ( client and server) know a common secret password. This is a series of one- time passwords ( OTP) is generated now.
Initialization
Configures the procedure by the server and the client with the same initial value are initialized. This is calculated based on a random number, the so-called "seed" (English seed ), combined ( concatenated ) with the " shared secret password ", and a one-way cryptographic hash function:
Calculation of One-Time Passwords
Now, a series of one- time password is generated by the hash function is applied to multiple iteratively: The first OTP generated by the hash function is applied times. Next, by the hash function is used once. A possible eavesdropper can not compute the next, since he would have to invert the hash function to come from all of the sent password. However, this is impossible.
Verification of the OTP to the server
The server has initially the same operation is carried out as the client and only memorized. The client sends to the server the first OTP. This verified it by again applying the hash function to the newly obtained OTP and the result is stored in the OTP compares itself. If the values match, the OTP is verified.
For the next verification, the server remembers now, and the client must send the next OTP.
Reinitialization
As with any authentication a new OTP is sent, and the counter reaches zero at some point, the OTP system must be reinitialized. For this, the client may, for example, independently choose a new seed and a new and share the server. Also can be agreed via a secure connection, a new common, secret password. In many tokens in use today, however, a communication of the value itself is not provided also.
Security
Since cryptographic hash functions are not invertible, the secret password can not be ascertained. Also, the system is protected against replay attacks, because each time a new password is transmitted.
But is only authenticates the client by the server. The servers will not authenticate to the client. Thus, an attacker could install a separate server on the network and pretend the client that this server is the authentication server is.