one-time-passwords.html

这是很好的学习嵌入式LINUX的文章

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content="HTML Tidy, see www.w3.org" />
<title>一次性口令</title>
<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" />
<link rel="HOME" title="FreeBSD 使用手册" href="index.html" />
<link rel="UP" title="安全" href="security.html" />
<link rel="PREVIOUS" title="DES，MD5，以及Crypt" href="crypt.html" />
<link rel="NEXT" title="KerberosIV" href="kerberosiv.html" />
<link rel="STYLESHEET" type="text/css" href="docbook.css" />
<meta http-equiv="Content-Type" content="text/html; charset=GB2312" />
</head>
<body class="SECT1" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
alink="#0000FF">
<div class="NAVHEADER">
<table summary="Header navigation table" width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<th colspan="3" align="center">FreeBSD 使用手册</th>
</tr>

<tr>
<td width="10%" align="left" valign="bottom"><a href="crypt.html"
accesskey="P">后退</a></td>
<td width="80%" align="center" valign="bottom">章 14. 安全</td>
<td width="10%" align="right" valign="bottom"><a href="kerberosiv.html"
accesskey="N">前进</a></td>
</tr>
</table>

<hr align="LEFT" width="100%" />
</div>

<div class="SECT1">
<h1 class="SECT1"><a id="ONE-TIME-PASSWORDS" name="ONE-TIME-PASSWORDS">14.5.
一次性口令</a></h1>

<p>S/Key 是基于单向 hash 功能的一次性密码管理方式。 为了考虑兼容性而使用了 MD4 散列，
而其他系统则使用了 MD5 和 DES-MAC。 S/Key 从 1.1.5 版之后就一直是 FreeBSD
基本系统的一部分， 包含这一特性的操作系统也日益增多。 S/Key 是 Bell Communications
Research, Inc. 的注册商标。</p>

<p>从 FreeBSD 的 5.0 版开始， S/Key 被功能相同的 OPIE (One-time Passwords In Everything)
取代了。 OPIE 默认使用 MD5 散列。</p>

<p>下面将介绍三种不同的口令。 第一种是您常用的 <span class="TRADEMARK">UNIX</span>&reg;
风格或 Kerberos 口令; 我们在后面的章节中将称其为 ``<span class="TRADEMARK">UNIX</span>
口令''。 第二种是使用 S/Key <tt class="COMMAND">key</tt> 程序或 OPIE <span
class="CITEREFENTRY"><span class="REFENTRYTITLE">opiekey</span>(1)</span> 程序生成， 并为
<tt class="COMMAND">keyinit</tt> 或 <span class="CITEREFENTRY"><span
class="REFENTRYTITLE">opiepasswd</span>(1)</span>
以及登录提示所接受的一次性口令，我们称其为 ``一次性口令''。 最后一类口令是您输入给 <tt
class="COMMAND">key</tt>/<tt class="COMMAND">opiekey</tt> 程序 (有些时候是 <tt
class="COMMAND">keyinit</tt>/<tt class="COMMAND">opiepasswd</tt> 程序)
用以产生一次性口令的秘密口令，我们称其为 ``秘密口令'' 或简称为 ``秘密口令''。</p>

<p>秘密口令和您的 <span class="TRADEMARK">UNIX</span> 口令毫无关系，
尽管可以设置为相同的， 但不推荐这么做。 S/Key 和 OPIE 秘密口令并不像旧式的 <span
class="TRADEMARK">UNIX</span> 口令那样只能限于8位以内<a id="AEN19046" name="AEN19046"
href="#FTN.AEN19046"><span class="footnote">[1]</span></a>。 您想要用多长的口令都可以。
有六、七个词的短句是很常见的选择。 在绝大多数时候， S/Key 或 OPIE 系统和 <span
class="TRADEMARK">UNIX</span> 口令系统完全相互独立地工作。</p>

<p>除了口令之外， 对于 S/Key 和 OPIE 还有两组至关重要的数据。 其一被称作 ``种子'' 或
``key''， 它包括两个字符和五个数字。 另一个被称作 ``迭代轮数''， 这是一个 1 到 100
之间的数字。 S/Key 通过将种子加到秘密口令后面， 并执行迭代轮数那么多次的 MD4/MD5
散列运算来得到结果， 并将结果表示为 6 个短的英文单词。 这 6
个英文单词就是您的一次性口令。 验证系统 (主要是 PAM) 会记录上次使用的一次性口令，
如果用户提供的口令的散列值与上次一致， 则可以通过身份验证。 由于使用了单向的散列函数，
因此即使截获了上次使用的口令， 也没有办法恢复出下次将要使用的口令；
每次成功登录都将导致迭代轮数递减， 这样用户和登录程序将保持同步。 当迭代轮数减少到 1 时，
都必须重新初始化 S/Key 和 OPIE。</p>

<p>There are three programs involved in each system which we will discuss below. The <tt
class="COMMAND">key</tt> and <tt class="COMMAND">opiekey</tt> programs accept an
iteration count, a seed, and a secret password, and generate a one-time password or a
consecutive list of one-time passwords. The <tt class="COMMAND">keyinit</tt> and <tt
class="COMMAND">opiepasswd</tt> programs are used to initialize S/Key and OPIE
respectively, and to change passwords, iteration counts, or seeds; they take either a
secret passphrase, or an iteration count, seed, and one-time password. The <tt
class="COMMAND">keyinfo</tt> and <tt class="COMMAND">opieinfo</tt> programs examine the
relevant credentials files (<tt class="FILENAME">/etc/skeykeys</tt> or <tt
class="FILENAME">/etc/opiekeys</tt>) and print out the invoking user's current iteration
count and seed.</p>

<p>There are four different sorts of operations we will cover. The first is using <tt
class="COMMAND">keyinit</tt> or <tt class="COMMAND">opiepasswd</tt> over a secure
connection to set up one-time-passwords for the first time, or to change your password or
seed. The second operation is using <tt class="COMMAND">keyinit</tt> or <tt
class="COMMAND">opiepasswd</tt> over an insecure connection, in conjunction with <tt
class="COMMAND">key</tt> or <tt class="COMMAND">opiekey</tt> over a secure connection, to
do the same. The third is using <tt class="COMMAND">key</tt>/<tt
class="COMMAND">opiekey</tt> to log in over an insecure connection. The fourth is using
<tt class="COMMAND">key</tt> or <tt class="COMMAND">opiekey</tt> to generate a number of
keys which can be written down or printed out to carry with you when going to some
location without secure connections to anywhere.</p>

<div class="SECT2">
<h2 class="SECT2"><a id="AEN19073" name="AEN19073">14.5.1. Secure Connection
Initialization</a></h2>

<p>To initialize S/Key for the first time, change your password, or change your seed
while logged in over a secure connection (e.g., on the console of a machine or via <b
class="APPLICATION">ssh</b>), use the <tt class="COMMAND">keyinit</tt> command without
any parameters while logged in as yourself:</p>

<pre class="SCREEN">
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">keyinit</kbd>
Adding unfurl:
Reminder - Only use this method if you are directly connected.
If you are using telnet or rlogin exit with no password and use keyinit -s.
Enter secret password:
Again secret password:

ID unfurl s/key is 99 to17757
DEFY CLUB PRO NASH LACE SOFT
</pre>

<p>For OPIE, <tt class="COMMAND">opiepasswd</tt> is used instead:</p>

<pre class="SCREEN">
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">opiepasswd -c</kbd>
[grimreaper] ~ $ opiepasswd -f -c
Adding unfurl:
Only use this method from the console; NEVER from remote. If you are using
telnet, xterm, or a dial-in, type ^C now or exit with no password.
Then run opiepasswd without the -c parameter.
Using MD5 to compute responses.
Enter new secret pass phrase:
Again new secret pass phrase:
ID unfurl OTP key is 499 to4268
MOS MALL GOAT ARM AVID COED
</pre>

<p>At the <samp class="PROMPT">Enter new secret pass phrase:</samp> or <samp
class="PROMPT">Enter secret password:</samp> prompts, you should enter a password or
phrase. Remember, this is not the password that you will use to login with, this is used
to generate your one-time login keys. The ``ID'' line gives the parameters of your
particular instance: your login name, the iteration count, and seed. When logging in the
system will remember these parameters and present them back to you so you do not have to
remember them. The last line gives the particular one-time password which corresponds to
those parameters and your secret password; if you were to re-login immediately, this
one-time password is the one you would use.</p>
</div>

<div class="SECT2">
<h2 class="SECT2"><a id="AEN19090" name="AEN19090">14.5.2. Insecure Connection
Initialization</a></h2>

<p>To initialize or change your secret password over an insecure connection, you will
need to already have a secure connection to some place where you can run <tt
class="COMMAND">key</tt> or <tt class="COMMAND">opiekey</tt>; this might be in the form
of a desk accessory on a <span class="TRADEMARK">Macintosh</span>&reg;, or a shell prompt
on a machine you trust. You will also need to make up an iteration count (100 is probably
a good value), and you may make up your own seed or use a randomly-generated one. Over on
the insecure connection (to the machine you are initializing), use the <tt
class="COMMAND">keyinit -s</tt> command:</p>

<pre class="SCREEN">
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">keyinit -s</kbd>
Updating unfurl:
Old key: to17758
Reminder you need the 6 English words from the key command.
Enter sequence count from 1 to 9999: <kbd class="USERINPUT">100</kbd>
Enter new key [default to17759]:
s/key 100 to 17759
s/key access password:
s/key access password:<kbd class="USERINPUT">CURE MIKE BANE HIM RACY GORE</kbd>
</pre>

<p>For OPIE, you need to use <tt class="COMMAND">opiepasswd</tt>:</p>

<pre class="SCREEN">
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">opiepasswd</kbd>

Updating unfurl:
You need the response from an OTP generator.
Old secret pass phrase:
        otp-md5 498 to4268 ext
        Response: GAME GAG WELT OUT DOWN CHAT
New secret pass phrase:
        otp-md5 499 to4269
        Response: LINE PAP MILK NELL BUOY TROY

ID mark OTP key is 499 gr4269
LINE PAP MILK NELL BUOY TROY
</pre>

<p>To accept the default seed (which the <tt class="COMMAND">keyinit</tt> program
confusingly calls a <var class="LITERAL">key</var>), press <b class="KEYCAP">Return</b>.
Then before entering an access password, move over to your secure connection or S/Key
desk accessory, and give it the same parameters:</p>

<pre class="SCREEN">
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">key 100 to17759</kbd>
Reminder - Do not use this program while logged in via telnet or rlogin.
Enter secret password: <kbd class="USERINPUT">&lt;secret password&gt;</kbd>
CURE MIKE BANE HIM RACY GORE
</pre>

<p>Or for OPIE:</p>

<pre class="SCREEN">
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">opiekey 498 to4268</kbd>
Using the MD5 algorithm to compute response.
Reminder: Don't use opiekey from telnet or dial-in sessions.
Enter secret pass phrase:
GAME GAG WELT OUT DOWN CHAT
</pre>

<p>Now switch back over to the insecure connection, and copy the one-time password
generated over to the relevant program.</p>
</div>

<div class="SECT2">
<h2 class="SECT2"><a id="AEN19120" name="AEN19120">14.5.3. Generating a Single One-time
Password</a></h2>

<p>Once you have initialized S/Key or OPIE, when you login you will be presented with a