Total guess, someone correct me:
When you generate a one-time key, you are encrypting a string containing your password, and storing it on the server associated with your name. So, when you use a one-time password, the javascript code running in your browser simply tries that one-time password against all of the encrypted one-time-password records associated with your account. After recovering your password (locally, mind you), it then decrypts your main record.
Note that one consequence of this design (if I'm right) is that your password is actually stored by the javascript code running in the clipperz window.
Again, correct me if I'm wrong.
John Clements
John's guess is close, but he misses a few very relevant details. And
you should already know that evil, but also awesomeness, is often
hidden into details.
So what does an OTP looks like.
To begin with, the OTP is just a completely random value, 256 bits long.
With this value, we encrypt a fixed size packed that contains your
passphrase. We are adding variable padding (pre and post) in order to
have all encrypted OTPs stored on the server of the same length, in
order to avoid providing any clue on the actual passphrase length.
Than we compute two values:
- the 'signature' of the OTP: SHA2-256(OTP);
- and the verifier of the OTP: SHA2-256(username + OTP);
At this point we store the following data on the server:
- encrypted block containing the passphrase;
- OTP signature;
- OTP verifier
When you use an OTP to authenticate, this is what is going on:
- using the data of the login form, we compute the OTP signature and
OTP verifier, and we send this data to the server;
- the server loads the OTP data using the OTP signature as lookup key;
- if the OTP verifier matches, it returns the OTP data; if the OTP
verifier does not match, the OTP data is immediately deleted, as
someone tried to redeem an OTP with the wrong username, and this may
happen if someone finds your OTPs and is trying to guess your
username. In this way, they only have one chance per OTP to guess it.
- when the browser receives the OTP data, it decrypts its content,
retrieve the passphrase, and start a regular authentication procedure.
I hope you can appreciate the level of attention we have put into
designing this procedure, that from the user point of view is used as
a regular login form (in the /gamma version this is even more extreme,
as you can use an OTP wherever you are supposed to insert the
passphrase).
Best regards,
Giulio Cesare
--
You received this message because you are subscribed to the Google Groups "Clipperz" group.
To unsubscribe from this group and stop receiving emails from it, send an email to clipperz+u...@googlegroups.com.
To post to this group, send email to clip...@googlegroups.com.
Visit this group at http://groups.google.com/group/clipperz.
For more options, visit https://groups.google.com/groups/opt_out.