OTPWCalc Sources: src/firefoxos/help.html@09006594d51d (annotated)

src/firefoxos/help.html@09006594d51d (annotated)

src/firefoxos/help.html

Tue, 23 Apr 2013 22:01:36 +0200

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Tue, 23 Apr 2013 22:01:36 +0200
changeset 3: 09006594d51d
parent 0: 6a0957738c54
permissions: -rw-r--r--

Correct wording of internationalization and replace with abbreviations.

 <!DOCTYPE html>
 <!--
 OTPWCalc - One time password challenge response calculator client
 Copyright © 2013 Michael Schloh von Bennewitz <michael@schloh.com>
 OTPWCalc is free software: you can redistribute it and/or modify
 it under the terms of the European Union Public Licence, either
 version 1.1 of the license, or (at your option) any later version.
 OTPWCalc is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty
 of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
 the European Union Public License for more details.
 You should have received a copy of the European Union Public
 Licence along with OTPWCalc. If not, please refer to
 <http://joinup.ec.europa.eu/software/page/eupl/>.
 This file is part of project OTWPCalc, a one time password challenge
 response calculator client and is found at http://otpwcalc.europalab.com/
 help.html: W3C HTML implementation
 -->
 <html>
     <head>
     <meta charset="utf-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <title>OTPWCalc</title>
     <link rel="stylesheet" href="jquery.mobile/jquery.mobile-1.3.1.min.css" />
     <link rel="stylesheet" href="main.css" />
     <script src="jquery.core/jquery-1.9.1.js"></script>
     <script src="help.js"></script>
     <script src="jquery.mobile/jquery.mobile-1.3.1.min.js"></script>
 </head>
 <body>
     <!-- Data attributes reserved by JQuery Mobile:
          data-theme, data-ajax, data-filter, data-icon, data-grid,
          data-rel, data-icon, data-url, data-role, and data-type -->
     <div data-role="page" class="type-interior">
         <!-- H1 header data-role good for Search Engine Optimization -->
         <!--<div data-role="header" data-position="inline">-->
         <div data-role="header" data-position="fixed" data-id="headhelp">
             <h1>OTPWCalc</h1>
         </div><!-- /header -->
         <div data-role="content">
             <div class="content-primary">
                 <h1 style="text-align: center; margin: 0;">Help</h1>
                 <a href="#faq" data-role="button" data-theme="e" data-icon="otpwcalc-question" data-iconpos="right" data-transition="flow">F. A. Q.</a>
                 <a href="#quickstart" data-role="button" data-theme="e" data-icon="otpwcalc-qstart" data-iconpos="right" data-transition="flow">Quickstart</a>
                 <a href="#manpage" data-role="button" data-theme="e" data-icon="otpwcalc-manpage" data-iconpos="right" data-transition="flow">Manpage</a>
         <a href="//list.europalab.com/mailman/listinfo/otpwcalc/" data-role="button" data-theme="e" data-icon="otpwcalc-email" data-iconpos="right" data-transition="flow">Mailinglist</a>
                 <a href="#security" data-role="button" data-theme="e" data-icon="otpwcalc-security" data-iconpos="right" data-transition="flow">Security</a>
                 <a href="#standrfc" data-role="button" data-theme="e" data-icon="otpwcalc-document" data-iconpos="right" data-transition="flow">Standards</a>
             </div><!-- /content-primary -->
         </div><!-- /content -->
     </div><!-- /page -->
     <div data-role="page" class="type-interior" id="faq">
         <div data-role="header" data-id="headfaq">
             <h1>OTPWCalc</h1>
         </div><!-- /header -->
         <div data-role="content">
             <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d" data-inset="false" data-theme="c" data-content-theme="c">
                 <h3 style="margin-top: 0; margin-bottom: 0;">What is a One Time Password?</h3>
                 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">A One Time Password (OTP) is a password valid only for a <strong>single use</strong> and, once used, cannot be used again for authentication. OTPs avoid a number of shortcomings that are associated with traditional (static) passwords.</p>
             </div>
             <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
                 <h3>What can I do with this app?</h3>
                 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">This application serves one purpose only. It calculates and prints a OTP.</p>
             </div>
             <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
                 <h3>What can I do with OTPs?</h3>
                 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">Most people use OTPs to log in to their website administration, CMS, or remote console.</p>
             </div>
             <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
                 <h3>Can I log into my Google account?</h3>
                 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">No. Google uses OTPs, but in a slightly nonstandard way. OTPWCalc cannot calculate OTPs useful for Google authentication yet.</p>
             </div>
             <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
                 <h3>Can I log in to Win/OSX/Oracle?</h3>
                 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">Yes, but some work is needed on the Windows/OSX/Oracle computer to configure the authentication subsystem.</p>
             </div>
             <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
                 <h3>Can I log in to Unix/Linux?</h3>
                 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">Yes, by using PAM and it's quite easy.</p>
             </div>
             <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
                 <h3>What else can I do with it?</h3>
                 <ol style="margin-top: 0.5em;">
                     <li>Impress your friends</li>
                     <li>VPN authentication</li>
                     <li>Single sign on</li>
                     <li>Remote access</li>
                     <li>Computer login</li>
                     <li>Disk encryption</li>
                     <li>Internet services</li>
                     <li>Systems integration</li>
                     <li>CMS authentication</li>
                     <li>Password management</li>
                     <li>Email and money transfer</li>
                     <li>Bank transaction validation</li>
                 </ol>
             </div>
             <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
                 <h3>Can I install OTPWCalc on &hellip;?</h3>
                 <ul style="margin-top: 0.5em;">
                     <li>FirefoxOS: <strong>Yes</strong></li>
                     <li>Sailfish: No</li>
                     <li>Android: No</li>
                     <li>Tizen: <strong>Yes</strong></li>
                     <li>MeeGo: No</li>
                     <li>Bada: No</li>
                     <li>iOS: No</li>
                     <li>Unix: No</li>
                     <li>Linux: No</li>
                     <li>Mac OSX: No</li>
                     <li>BlackBerry QNX: No</li>
                     <li>Windows Phone: <strong>Yes</strong></li>
                     <li>Windows Store: <strong>Yes</strong></li>
                 </ul>
             </div>
             <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
                 <h3>Why isn't OTPWCalc compatible?</h3>
                 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">OTPWCalc might not be compatible with your platform of choice, usually because the necessary hardware isn't available to the author for development.</p>
             </div>
             <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
                 <h3>What happens to my password?</h3>
                 <p style="margin-top: 0.25em;">Take a look at the entry point in
                     <strong>main.js</strong>:</p>
                     <code style="margin-left: 2em; display:inline-block; line-height: 120%;">
                        var secr = $('#paswrd').val();<br />
                        var resp = hash(secr, user, iter);
                     </code>
                 <p style="margin-bottom: 0.25em;">In other words, the password you enter is neither stored nor transmitted. In fact, OTPWCalc doesn't store or transmit any data input <strong>at all</strong> (see James Bond question later.) It's a <em>calculator</em> in the true sense, just like a pocket calculator that adds numbers.</p>
             </div>
             <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
                 <h3>Is OTPWCalc safe and secure?</h3>
                 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">The algorithms of OTP have proven worthy of <strong>high security applications</strong>. OTPWCalc has been carefully designed and is tested thoroughly. It's both secure and safe to use.</p>
             </div>
             <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
                 <h3>Is it useful in a corporate setting?</h3>
                 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">Yes. Custom built enterprise versions are available accompanied with commercial support. Visit the <a href="//otpwcalc.europalab.com/">OTPWCalc homepage</a> for information.</p>
             </div>
             <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
                 <h3>Does James Bond use OTPWCalc?</h3>
                 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">Maybe, but spies probably just look over shoulders or use cameras to steal the static passwords used in OTP systems.</p>
             </div>
             <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
                 <h3>Same as Yubikey or RSA SecurID?</h3>
                 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">Yubikey, RSA SecurID, and OTPWCalc use similar technologies for similar applications, but OTPWCalc is strictly software and doesn't depend on the time or date.</p>
             </div>
             <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
                 <h3>How can I upgrade my OTPWCalc?</h3>
                 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">This varies according to the operating system used so there's no single answer.</p>
             </div>
             <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
                 <h3>Who owns OTPWCalc?</h3>
                 <p style="margin-top: 0.25em; margin-bottom: 0;">OTPWCalc is the property of the copyright holder, Michael Schloh von Bennewitz.</p>
             </div>
             <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
                 <h3>Is OTPWCalc licensed?</h3>
                 <p style="margin-top: 0.25em; margin-bottom: 0;">OTPWCalc is distributed under the terms of the <a href="//joinup.ec.europa.eu/software/page/eupl/">European Union Public Licence</a>. This liberal license grants you freedom to use the software and much more.</p>
             </div>
             <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
                 <h3>Which programming language?</h3>
                 <p style="margin-top: 0.25em; margin-bottom: 0;">OTPWCalc is built using the HTML, CSS, and JavaScript languages.</p>
                 <p style="margin-top: 0.5em; margin-bottom: 0.25em;">The jQuery Mobile and Apache Cordova development frameworks provide important additional features.</p>
             </div>
             <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
                 <h3>What are ongoing developments?</h3>
                 <p style="margin-top: 0.25em;">OTPWCalc is both active and stable, and follows a project management plan.</p>
                 <ul>
                     <li>It is undergoing i18n and l10n to several european languages.</li>
                     <li style="margin-top: 0.5em;"><strong>HMAC</strong>-based RFC 4226 (HOTP) is being implemented.</li>
                     <li style="margin-top: 0.5em;">Features like QR and OpenID integration are being explored.</li>
                     <li style="margin-top: 0.5em;">Most of all, OTPWCalc is being <em>ported to new platforms</em>.</li>
                 </ul>
                 <p style="margin-top: 0.5em; margin-bottom: 0.25em;">To request features or pose questions please write to the <a href="//list.europalab.com/mailman/listinfo/otpwcalc/">mailing list</a>.</p>
             </div>
             <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
                 <h3>How can I report a bogue (bug)?</h3>
                 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">Please write to the <a href="//list.europalab.com/mailman/listinfo/otpwcalc/">mailing list</a> stating the OTPWCalc version and platform. Thanks for every bug report!</p>
             </div>
             <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
                 <h3>My question isn't answered,<br />or this is just not working!</h3>
                 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">Please turn to the <a href="//list.europalab.com/mailman/listinfo/otpwcalc/">mailing list</a> and ask for help there. Answers appear in a day.</p>
             </div>
         </div><!-- /content -->
     </div><!-- /page -->
     <div data-role="page" class="type-interior" id="quickstart">
         <div data-role="header" data-position="fixed" data-id="headquick">
             <h1>OTPWCalc</h1>
         </div><!-- /header -->
         <div data-role="content">
             <h3 style="margin-top: 0; margin-bottom: 0;">
                 To start using OTPWCalc now&hellip;
             </h3>
             <ol style="margin-top: 0.5em; margin-bottom: 0;">
                 <li style="margin-bottom: 0.5em;">Install and configure a OTP authentication server on the <strong>host computer</strong>.</li>
                 <li style="margin-bottom: 0.5em;">Add a username, seed ID, and password to the OTP <strong>authentication server</strong>.</li>
                 <li style="margin-bottom: 0.5em;">Log in to the host computer providing the recently added username. The host computer will reply with a challange including the appropriate <strong>seed ID</strong> and a new <strong>counter number</strong>.</li>
                 <li style="margin-bottom: 0.5em;">Type the seed ID and counter number along with the corresponding password into OTPWCalc. Click <strong>Submit</strong>.</li>
                 <li style="margin-bottom: 0.5em;">Read the resulting OTP in <div style="display: inline-block; color: rgb(192,0,0); text-transform: normal;">red uppercase characters</div>.</li>
                 <li style="margin-bottom: 0.5em;">Type the OTP into the host computer console and&hellip;<br /><em>Enjoy <strong>secure</strong> access!</em></li>
             </ol>
         </div><!-- /content -->
     </div><!-- /page -->
     <div data-role="page" class="type-interior" id="manpage">
         <div data-role="header" data-position="fixed" data-id="headman">
             <h1>OTPWCalc</h1>
         </div><!-- /header -->
         <div data-role="content">
             <div style="float: left;">User Commands</div>
             <div style="float: right;">OTPWCalc(1)</div>
             <div style="clear: both;"></div>
             <div style="margin-top: 1.5em; text-transform: uppercase; font-size: 0.75em;">Name</div>
             <div style="margin-left: 2em; font-size: 0.75em;">OTPWCalc - Client application for calculating responses to OTP challenges.</div>
             <div style="margin-top: 1.5em; text-transform: uppercase; font-size: 0.75em;">Synopsis</div>
             <div style="margin-left: 2em; font-size: 0.75em;">OTPWCalc [-h] [-v] [-V]</div>
             <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Description</div>
             <div style="margin-left: 2em; font-size: 0.75em;">Playing the role of a hardware
                 token in a client server authentication system as described
                 in RFC 2289, OTPWCalc calculates responses to incoming
                 authentication challenges as typed in by the user.</div>
             <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Options</div>
             <div style="margin-left: 2em; font-size: 0.75em;">
                 -h Display a brief help message and exit.<br />
                 -v Print verbose text to the calling terminal.<br />
                 -V Print the version number and exit.
             </div>
             <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Terms</div>
             <div style="margin-left: 2em; font-size: 0.75em;">Username</div>
             <div style="margin-left: 4em; font-size: 0.75em;">
                 The name that the server knows. For example, 'albertc'.
             </div>
             <div style="margin-left: 2em; font-size: 0.75em;">Secret</div>
             <div style="margin-left: 4em; font-size: 0.75em;">
                 A password, usually selected by the user, that is
                 needed to gain access to the server. For example,
                 'Mysec2-pw'.
             </div>
             <div style="margin-left: 2em; font-size: 0.75em;">Challenge</div>
             <div style="margin-left: 4em; font-size: 0.75em;">
                 Information printed by the server when it tries to
                 authenticate a user. This information is needed by
                 OTPWCalc to generate a proper response. For example,
                 'otp-md5 820 dinw23612'.
             </div>
             <div style="margin-left: 2em; font-size: 0.75em;">Response</div>
             <div style="margin-left: 4em; font-size: 0.75em;">
                 Information generated from a challenge that is used
                 by the server to authenticate the user. For example,
                 'BIEM ROSE JINX HARD BALL SKY NEW'.
             </div>
             <div style="margin-left: 2em; font-size: 0.75em;">Seed</div>
             <div style="margin-left: 4em; font-size: 0.75em;">
                 Information used in conjunction with the secret and
                 sequence number to compute the response. It allows
                 the same secret to be used for multiple sequences
                 by changing the seed, or for authentication to
                 multiple servers by using different seeds.
             </div>
             <div style="margin-left: 2em; font-size: 0.75em;">Sequence #</div>
             <div style="margin-left: 4em; font-size: 0.75em;">
                 A counter used to track key iterations. Each time
                 a successful response is received by the server the
                 sequence number is decremented. For example, 71.
             </div>
             <div style="margin-left: 2em; font-size: 0.75em;">Hash ID</div>
             <div style="margin-left: 4em; font-size: 0.75em;">
                 Text that identifies the cryptographical algorithm
                 used. The valid hash identifiers are 'otpmd4'
                 corresponding to MD4, and 'otp-md5' corresponding
                 to MD5.
             </div>
             <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Files</div>
             <div style="margin-left: 2em; font-size: 0.75em;">
                 The application may store a cookie in a file used to
                 restore the most recent settings. The location of this
                 file (or arbitrary data structure) varies according to
                 the operating system.
             </div>
             <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Bugs</div>
             <div style="margin-left: 2em; font-size: 0.75em;">This manual.</div>
             <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Security</div>
             <div style="margin-left: 2em; font-size: 0.75em;">
                 All of the authentication strategies covered in the
                 standards implemented by this application are vulnerable
                 to man in the middle (MITM) attacks. The strategies can
                 be combined with public key logic to defeat such attacks.
             </div>
             <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Standards</div>
             <div style="margin-left: 2em; font-size: 0.75em;">
                 The IETF standards RFC 1760 (The S/KEY One-Time Password
                 System) and RFC 2289 (A One-Time Password System) are
                 implemented.
             </div>
             <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">See also</div>
             <div style="margin-left: 2em; font-size: 0.75em;">
                 None. This is a self contained, stand alone application with
                 no alias commands. It is unique in that it leverages open
                 technologies like Javascript to run unmodified on a variety
                 of operating systems.
             </div>
             <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Author</div>
             <div style="margin-left: 2em; font-size: 0.75em;">
                 This application was written by <a href="//michael.schloh.com/">
                 Michael Schloh von Bennewitz</a>.
             </div>
             <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Contact</div>
             <div style="margin-left: 2em; font-size: 0.75em;">
                 Please refer to the <a href="//otpwcalc.europalab.com/">
                 OTPWCalc homepage</a> for contact information.
             </div>
             <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Support</div>
             <div style="margin-left: 2em; font-size: 0.75em;">
                 The <a href="//list.europalab.com/mailman/listinfo/otpwcalc/">
                 OTPWCalc mailing list</a> provides information and answers to
                 questions. Commercial support is provided by the
                 <a href="mailto:michael@schloh.com">author</a>.
             </div>
         </div><!-- /content -->
     </div><!-- /page -->
     <div data-role="page" class="type-interior" id="security">
         <div data-role="header" data-position="fixed" data-id="headsecurity">
             <h1>OTPWCalc</h1>
         </div><!-- /header -->
         <div data-role="content">
             <div data-role="collapsible" data-allow-collapse="false" data-collapsed="false" data-expanded-icon="otpwcalc-security" data-theme="c" data-content-theme="d">
                 <h1>Security</h1>
                 <p style="margin-top: 0; margin-bottom: 0; font-size: 1.1em; line-height: 125%;">General <strong>security concerns</strong> should be directed to the <a href="//list.europalab.com/mailman/listinfo/otpwcalc/">mailing list</a>, while those of a private nature should be sent directly to the <a href="mailto:michael@schloh.com">author</a>. X.509 certificates (for exchanging S/MIME encrypted email) and GnuPG keys (to verify released software signatures) reside on the <a href="//michael.schloh.com/">author's website</a>.</p>
                 <p style="margin-top: 0.5em; margin-bottom: 0; font-size: 1.1em; line-height: 125%;">Please monitor the mailing list and keep your installation of OTPWCalc <strong>up to date</strong>!</p>
             </div><!-- /collapsible -->
         </div><!-- /content -->
     </div><!-- /page -->
     <div data-role="page" class="type-interior" id="standrfc">
         <div data-role="header" data-position="fixed" data-id="headrfc">
             <h1>OTPWCalc</h1>
         </div><!-- /header -->
         <div data-role="content">
             <div data-role="collapsible" data-allow-collapse="false" data-collapsed="false" data-expanded-icon="otpwcalc-document" data-theme="c" data-content-theme="d">
                 <h1>Standards</h1>
                 <p style="font-size: 1.1em; line-height: 125%;">This application implements<br />the following <strong>standards</strong>:</p>
                 <ul>
                     <li>
                         <a href="//tools.ietf.org/html/rfc2289/">RFC 2289, A One-Time Password System</a>
                     </li>
                 </ul>
             </div><!-- /collapsible -->
         </div><!-- /content -->
     </div><!-- /page -->
 </body>
 </html>

OTPWCalc Sources / annotate

src/firefoxos/help.html@09006594d51d (annotated)

src/firefoxos/help.html