Details of how One-Time-Passwords work

88 views
Skip to first unread message

jmt

unread,
Aug 26, 2010, 10:26:54 AM8/26/10
to Clipperz
I am wondering exactly (using all the cryptography jargon you wish to)
one-time-passwords work?
How are they able to decrypt the content from the server?
How are they able to authenticate the user against the server?

The more detail the better! I did a quick search of the mailing list
where somebody asked a similar question but I found the response
didn't have as much detail as I hoped it would.

Thanks so much, this is a really fantastic and extremely useful
project.


-- Jon

John Clements

unread,
Aug 26, 2010, 6:08:32 PM8/26/10
to thack...@gmail.com, Clipperz

Total guess, someone correct me:

When you generate a one-time key, you are encrypting a string containing your password, and storing it on the server associated with your name. So, when you use a one-time password, the javascript code running in your browser simply tries that one-time password against all of the encrypted one-time-password records associated with your account. After recovering your password (locally, mind you), it then decrypts your main record.

Note that one consequence of this design (if I'm right) is that your password is actually stored by the javascript code running in the clipperz window.

Again, correct me if I'm wrong.

John Clements

giulio...@gmail.com

unread,
Aug 27, 2010, 4:05:20 AM8/27/10
to thack...@gmail.com, johnbc...@gmail.com, Clipperz
Hello,

John's guess is close, but he misses a few very relevant details. And
you should already know that evil, but also awesomeness, is often
hidden into details.

So what does an OTP looks like.

To begin with, the OTP is just a completely random value, 256 bits long.

With this value, we encrypt a fixed size packed that contains your
passphrase. We are adding variable padding (pre and post) in order to
have all encrypted OTPs stored on the server of the same length, in
order to avoid providing any clue on the actual passphrase length.

Than we compute two values:
- the 'signature' of the OTP: SHA2-256(OTP);
- and the verifier of the OTP: SHA2-256(username + OTP);

At this point we store the following data on the server:
- encrypted block containing the passphrase;
- OTP signature;
- OTP verifier


When you use an OTP to authenticate, this is what is going on:
- using the data of the login form, we compute the OTP signature and
OTP verifier, and we send this data to the server;
- the server loads the OTP data using the OTP signature as lookup key;
- if the OTP verifier matches, it returns the OTP data; if the OTP
verifier does not match, the OTP data is immediately deleted, as
someone tried to redeem an OTP with the wrong username, and this may
happen if someone finds your OTPs and is trying to guess your
username. In this way, they only have one chance per OTP to guess it.
- when the browser receives the OTP data, it decrypts its content,
retrieve the passphrase, and start a regular authentication procedure.


I hope you can appreciate the level of attention we have put into
designing this procedure, that from the user point of view is used as
a regular login form (in the /gamma version this is even more extreme,
as you can use an OTP wherever you are supposed to insert the
passphrase).

Best regards,

Giulio Cesare

jon thacker

unread,
Aug 30, 2010, 1:56:09 PM8/30/10
to giulio...@gmail.com, johnbc...@gmail.com, Clipperz
This is fantastic.  Thanks for really clearing that up for me.  I thinks its really great how much thought you all have put into this product.

Thanks,
  Jon

Jacek Dargiel

unread,
Dec 29, 2013, 9:35:10 PM12/29/13
to clip...@googlegroups.com, thack...@gmail.com, johnbc...@gmail.com
Hello Giulio,

I would like to ask you to be more specific on the encrypted form of the passphrase stored on the server. How is it encrypted? Can it be decrypted by directly accessing the contents of your database? Can clipperz staff decrypt it? If no, then how is it that the users browser can decrypt it?

Asher Baker

unread,
Dec 30, 2013, 3:07:31 AM12/30/13
to ja...@dargiel.net, clip...@googlegroups.com
It's encrypted with the OTP you enter during login.


~~~~~
"Their heads are green, and their hands are blue,
      And they went to sea in a Sieve." - Edward Lear


--
You received this message because you are subscribed to the Google Groups "Clipperz" group.
To unsubscribe from this group and stop receiving emails from it, send an email to clipperz+u...@googlegroups.com.
To post to this group, send email to clip...@googlegroups.com.
Visit this group at http://groups.google.com/group/clipperz.
For more options, visit https://groups.google.com/groups/opt_out.

giulio...@gmail.com

unread,
Dec 31, 2013, 3:10:42 AM12/31/13
to ja...@dargiel.net, clip...@googlegroups.com
Jackel,

at the moment I am very busy; I will try to provide a sound answer in the next days.
Please, ping me back if you don't hear me for a while.

Asher short answer is basically correct, but there are many details that need to be clarified in order to make sense of it.

Giulio Cesare

Reply all
Reply to author
Forward
0 new messages