OTPWCalc Sources: comparison src/firefoxos/help.html

--1:000000000000
+:1d76c3811ccf
+<!DOCTYPE html>
+<!--
+OTPWCalc - One time password challenge response calculator client
+Copyright © 2013 Michael Schloh von Bennewitz <michael@schloh.com>
+OTPWCalc is free software: you can redistribute it and/or modify
+it under the terms of the European Union Public Licence, either
+version 1.1 of the license, or (at your option) any later version.
+OTPWCalc is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty
+of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
+the European Union Public License for more details.
+You should have received a copy of the European Union Public
+Licence along with OTPWCalc. If not, please refer to
+<http://joinup.ec.europa.eu/software/page/eupl/>.
+This file is part of project OTWPCalc, a one time password challenge
+response calculator client and is found at http://otpwcalc.europalab.com/
+help.html: W3C HTML implementation
+-->
+<html>
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>OTPWCalc</title>
+<link rel="stylesheet" href="jquery.mobile/jquery.mobile-1.3.1.min.css" />
+<link rel="stylesheet" href="main.css" />
+<script src="jquery.core/jquery-1.9.1.js"></script>
+<script src="help.js"></script>
+<script src="jquery.mobile/jquery.mobile-1.3.1.min.js"></script>
+</head>
+<body>
+<!-- Data attributes reserved by JQuery Mobile:
+data-theme, data-ajax, data-filter, data-icon, data-grid,
+data-rel, data-icon, data-url, data-role, and data-type -->
+<div data-role="page" class="type-interior">
+<!-- H1 header data-role good for Search Engine Optimization -->
+<!--<div data-role="header" data-position="inline">-->
+<div data-role="header" data-position="fixed" data-id="headhelp">
+<h1>OTPWCalc</h1>
+</div><!-- /header -->
+<div data-role="content">
+<div class="content-primary">
+<h1 style="text-align: center; margin: 0;">Help</h1>
+<a href="#faq" data-role="button" data-theme="e" data-icon="otpwcalc-question" data-iconpos="right" data-transition="flow">F. A. Q.</a>
+<a href="#quickstart" data-role="button" data-theme="e" data-icon="otpwcalc-qstart" data-iconpos="right" data-transition="flow">Quickstart</a>
+<a href="#manpage" data-role="button" data-theme="e" data-icon="otpwcalc-manpage" data-iconpos="right" data-transition="flow">Manpage</a>
+<a href="//list.europalab.com/mailman/listinfo/otpwcalc/" data-role="button" data-theme="e" data-icon="otpwcalc-email" data-iconpos="right" data-transition="flow">Mailinglist</a>
+<a href="#security" data-role="button" data-theme="e" data-icon="otpwcalc-security" data-iconpos="right" data-transition="flow">Security</a>
+<a href="#standrfc" data-role="button" data-theme="e" data-icon="otpwcalc-document" data-iconpos="right" data-transition="flow">Standards</a>
+</div><!-- /content-primary -->
+</div><!-- /content -->
+</div><!-- /page -->
+<div data-role="page" class="type-interior" id="faq">
+<div data-role="header" data-id="headfaq">
+<h1>OTPWCalc</h1>
+</div><!-- /header -->
+<div data-role="content">
+<div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d" data-inset="false" data-theme="c" data-content-theme="c">
+<h3 style="margin-top: 0; margin-bottom: 0;">What is a One Time Password?</h3>
+<p style="margin-top: 0.25em; margin-bottom: 0.25em;">A One Time Password (OTP) is a password valid only for a <strong>single use</strong> and, once used, cannot be used again for authentication. OTPs avoid a number of shortcomings that are associated with traditional (static) passwords.</p>
+</div>
+<div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
+<h3>What can I do with this app?</h3>
+<p style="margin-top: 0.25em; margin-bottom: 0.25em;">This application serves one purpose only. It calculates and prints a OTP.</p>
+</div>
+<div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
+<h3>What can I do with OTPs?</h3>
+<p style="margin-top: 0.25em; margin-bottom: 0.25em;">Most people use OTPs to log in to their website administration, CMS, or remote console.</p>
+</div>
+<div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
+<h3>Can I log into my Google account?</h3>
+<p style="margin-top: 0.25em; margin-bottom: 0.25em;">No. Google uses OTPs, but in a slightly nonstandard way. OTPWCalc cannot calculate OTPs useful for Google authentication yet.</p>
+</div>
+<div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
+<h3>Can I log in to Win/OSX/Oracle?</h3>
+<p style="margin-top: 0.25em; margin-bottom: 0.25em;">Yes, but some work is needed on the Windows/OSX/Oracle computer to configure the authentication subsystem.</p>
+</div>
+<div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
+<h3>Can I log in to Unix/Linux?</h3>
+<p style="margin-top: 0.25em; margin-bottom: 0.25em;">Yes, by using PAM and it's quite easy.</p>
+</div>
+<div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
+<h3>What else can I do with it?</h3>
+<ol style="margin-top: 0.5em;">
+<li>Impress your friends</li>
+<li>VPN authentication</li>
+<li>Single sign on</li>
+<li>Remote access</li>
+<li>Computer login</li>
+<li>Disk encryption</li>
+<li>Internet services</li>
+<li>Systems integration</li>
+<li>CMS authentication</li>
+<li>Password management</li>
+<li>Email and money transfer</li>
+<li>Bank transaction validation</li>
+</ol>
+</div>
+<div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
+<h3>Can I install OTPWCalc on &hellip;?</h3>
+<ul style="margin-top: 0.5em;">
+<li>FirefoxOS: <strong>Yes</strong></li>
+<li>Sailfish: No</li>
+<li>Android: No</li>
+<li>Tizen: <strong>Yes</strong></li>
+<li>MeeGo: No</li>
+<li>Bada: No</li>
+<li>iOS: No</li>
+<li>Unix: No</li>
+<li>Linux: No</li>
+<li>Mac OSX: No</li>
+<li>BlackBerry QNX: No</li>
+<li>Windows Phone: <strong>Yes</strong></li>
+<li>Windows Store: <strong>Yes</strong></li>
+</ul>
+</div>
+<div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
+<h3>Why isn't OTPWCalc compatible?</h3>
+<p style="margin-top: 0.25em; margin-bottom: 0.25em;">OTPWCalc might not be compatible with your platform of choice, usually because the necessary hardware isn't available to the author for development.</p>
+</div>
+<div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
+<h3>What happens to my password?</h3>
+<p style="margin-top: 0.25em;">Take a look at the entry point in
+<strong>main.js</strong>:</p>
+<code style="margin-left: 2em; display:inline-block; line-height: 120%;">
+var secr = $('#paswrd').val();<br />
+var resp = hash(secr, user, iter);
+</code>
+<p style="margin-bottom: 0.25em;">In other words, the password you enter is neither stored nor transmitted. In fact, OTPWCalc doesn't store or transmit any data input <strong>at all</strong> (see James Bond question later.) It's a <em>calculator</em> in the true sense, just like a pocket calculator that adds numbers.</p>
+</div>
+<div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
+<h3>Is OTPWCalc safe and secure?</h3>
+<p style="margin-top: 0.25em; margin-bottom: 0.25em;">The algorithms of OTP have proven worthy of <strong>high security applications</strong>. OTPWCalc has been carefully designed and is tested thoroughly. It's both secure and safe to use.</p>
+</div>
+<div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
+<h3>Is it useful in a corporate setting?</h3>
+<p style="margin-top: 0.25em; margin-bottom: 0.25em;">Yes. Custom built enterprise versions are available accompanied with commercial support. Visit the <a href="//otpwcalc.europalab.com/">OTPWCalc homepage</a> for information.</p>
+</div>
+<div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
+<h3>Does James Bond use OTPWCalc?</h3>
+<p style="margin-top: 0.25em; margin-bottom: 0.25em;">Maybe, but spies probably just look over shoulders or use cameras to steal the static passwords used in OTP systems.</p>
+</div>
+<div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
+<h3>Same as Yubikey or RSA SecurID?</h3>
+<p style="margin-top: 0.25em; margin-bottom: 0.25em;">Yubikey, RSA SecurID, and OTPWCalc use similar technologies for similar applications, but OTPWCalc is strictly software and doesn't depend on the time or date.</p>
+</div>
+<div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
+<h3>How can I upgrade my OTPWCalc?</h3>
+<p style="margin-top: 0.25em; margin-bottom: 0.25em;">This varies according to the operating system used so there's no single answer.</p>
+</div>
+<div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
+<h3>Who owns OTPWCalc?</h3>
+<p style="margin-top: 0.25em; margin-bottom: 0;">OTPWCalc is the property of the copyright holder, Michael Schloh von Bennewitz.</p>
+</div>
+<div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
+<h3>Is OTPWCalc licensed?</h3>
+<p style="margin-top: 0.25em; margin-bottom: 0;">OTPWCalc is distributed under the terms of the <a href="//joinup.ec.europa.eu/software/page/eupl/">European Union Public Licence</a>. This liberal license grants you freedom to use the software and much more.</p>
+</div>
+<div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
+<h3>Which programming language?</h3>
+<p style="margin-top: 0.25em; margin-bottom: 0;">OTPWCalc is built using the HTML, CSS, and JavaScript languages.</p>
+<p style="margin-top: 0.5em; margin-bottom: 0.25em;">The jQuery Mobile and Apache Cordova development frameworks provide important additional features.</p>
+</div>
+<div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
+<h3>What are ongoing developments?</h3>
+<p style="margin-top: 0.25em;">OTPWCalc is both active and stable, and follows a project management plan.</p>
+<ul>
+<li>It is undergoing nationalization to several european languages.</li>
+<li style="margin-top: 0.5em;"><strong>HMAC</strong>-based RFC 4226 (HOTP) is being implemented.</li>
+<li style="margin-top: 0.5em;">Features like QR and OpenID integration are being explored.</li>
+<li style="margin-top: 0.5em;">Most of all, OTPWCalc is being <em>ported to new platforms</em>.</li>
+</ul>
+<p style="margin-top: 0.5em; margin-bottom: 0.25em;">To request features or pose questions please write to the <a href="//list.europalab.com/mailman/listinfo/otpwcalc/">mailing list</a>.</p>
+</div>
+<div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
+<h3>How can I report a bogue (bug)?</h3>
+<p style="margin-top: 0.25em; margin-bottom: 0.25em;">Please write to the <a href="//list.europalab.com/mailman/listinfo/otpwcalc/">mailing list</a> stating the OTPWCalc version and platform. Thanks for every bug report!</p>
+</div>
+<div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
+<h3>My question isn't answered,<br />or this is just not working!</h3>
+<p style="margin-top: 0.25em; margin-bottom: 0.25em;">Please turn to the <a href="//list.europalab.com/mailman/listinfo/otpwcalc/">mailing list</a> and ask for help there. Answers appear in a day.</p>
+</div>
+</div><!-- /content -->
+</div><!-- /page -->
+<div data-role="page" class="type-interior" id="quickstart">
+<div data-role="header" data-position="fixed" data-id="headquick">
+<h1>OTPWCalc</h1>
+</div><!-- /header -->
+<div data-role="content">
+<h3 style="margin-top: 0; margin-bottom: 0;">
+To start using OTPWCalc now&hellip;
+</h3>
+<ol style="margin-top: 0.5em; margin-bottom: 0;">
+<li style="margin-bottom: 0.5em;">Install and configure a OTP authentication server on the <strong>host computer</strong>.</li>
+<li style="margin-bottom: 0.5em;">Add a username, seed ID, and password to the OTP <strong>authentication server</strong>.</li>
+<li style="margin-bottom: 0.5em;">Log in to the host computer providing the recently added username. The host computer will reply with a challange including the appropriate <strong>seed ID</strong> and a new <strong>counter number</strong>.</li>
+<li style="margin-bottom: 0.5em;">Type the seed ID and counter number along with the corresponding password into OTPWCalc. Click <strong>Submit</strong>.</li>
+<li style="margin-bottom: 0.5em;">Read the resulting OTP in <div style="display: inline-block; color: rgb(192,0,0); text-transform: normal;">red uppercase characters</div>.</li>
+<li style="margin-bottom: 0.5em;">Type the OTP into the host computer console and&hellip;<br /><em>Enjoy <strong>secure</strong> access!</em></li>
+</ol>
+</div><!-- /content -->
+</div><!-- /page -->
+<div data-role="page" class="type-interior" id="manpage">
+<div data-role="header" data-position="fixed" data-id="headman">
+<h1>OTPWCalc</h1>
+</div><!-- /header -->
+<div data-role="content">
+<div style="float: left;">User Commands</div>
+<div style="float: right;">OTPWCalc(1)</div>
+<div style="clear: both;"></div>
+<div style="margin-top: 1.5em; text-transform: uppercase; font-size: 0.75em;">Name</div>
+<div style="margin-left: 2em; font-size: 0.75em;">OTPWCalc - Client application for calculating responses to OTP challenges.</div>
+<div style="margin-top: 1.5em; text-transform: uppercase; font-size: 0.75em;">Synopsis</div>
+<div style="margin-left: 2em; font-size: 0.75em;">OTPWCalc [-h] [-v] [-V]</div>
+<div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Description</div>
+<div style="margin-left: 2em; font-size: 0.75em;">Playing the role of a hardware
+token in a client server authentication system as described
+in RFC 2289, OTPWCalc calculates responses to incoming
+authentication challenges as typed in by the user.</div>
+<div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Options</div>
+<div style="margin-left: 2em; font-size: 0.75em;">
+-h Display a brief help message and exit.<br />
+-v Print verbose text to the calling terminal.<br />
+-V Print the version number and exit.
+</div>
+<div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Terms</div>
+<div style="margin-left: 2em; font-size: 0.75em;">Username</div>
+<div style="margin-left: 4em; font-size: 0.75em;">
+The name that the server knows. For example, 'albertc'.
+</div>
+<div style="margin-left: 2em; font-size: 0.75em;">Secret</div>
+<div style="margin-left: 4em; font-size: 0.75em;">
+A password, usually selected by the user, that is
+needed to gain access to the server. For example,
+'Mysec2-pw'.
+</div>
+<div style="margin-left: 2em; font-size: 0.75em;">Challenge</div>
+<div style="margin-left: 4em; font-size: 0.75em;">
+Information printed by the server when it tries to
+authenticate a user. This information is needed by
+OTPWCalc to generate a proper response. For example,
+'otp-md5 820 dinw23612'.
+</div>
+<div style="margin-left: 2em; font-size: 0.75em;">Response</div>
+<div style="margin-left: 4em; font-size: 0.75em;">
+Information generated from a challenge that is used
+by the server to authenticate the user. For example,
+'BIEM ROSE JINX HARD BALL SKY NEW'.
+</div>
+<div style="margin-left: 2em; font-size: 0.75em;">Seed</div>
+<div style="margin-left: 4em; font-size: 0.75em;">
+Information used in conjunction with the secret and
+sequence number to compute the response. It allows
+the same secret to be used for multiple sequences
+by changing the seed, or for authentication to
+multiple servers by using different seeds.
+</div>
+<div style="margin-left: 2em; font-size: 0.75em;">Sequence #</div>
+<div style="margin-left: 4em; font-size: 0.75em;">
+A counter used to track key iterations. Each time
+a successful response is received by the server the
+sequence number is decremented. For example, 71.
+</div>
+<div style="margin-left: 2em; font-size: 0.75em;">Hash ID</div>
+<div style="margin-left: 4em; font-size: 0.75em;">
+Text that identifies the cryptographical algorithm
+used. The valid hash identifiers are 'otpmd4'
+corresponding to MD4, and 'otp-md5' corresponding
+to MD5.
+</div>
+<div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Files</div>
+<div style="margin-left: 2em; font-size: 0.75em;">
+The application may store a cookie in a file used to
+restore the most recent settings. The location of this
+file (or arbitrary data structure) varies according to
+the operating system.
+</div>
+<div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Bugs</div>
+<div style="margin-left: 2em; font-size: 0.75em;">This manual.</div>
+<div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Security</div>
+<div style="margin-left: 2em; font-size: 0.75em;">
+All of the authentication strategies covered in the
+standards implemented by this application are vulnerable
+to man in the middle (MITM) attacks. The strategies can
+be combined with public key logic to defeat such attacks.
+</div>
+<div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Standards</div>
+<div style="margin-left: 2em; font-size: 0.75em;">
+The IETF standards RFC 1760 (The S/KEY One-Time Password
+System) and RFC 2289 (A One-Time Password System) are
+implemented.
+</div>
+<div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">See also</div>
+<div style="margin-left: 2em; font-size: 0.75em;">
+None. This is a self contained, stand alone application with
+no alias commands. It is unique in that it leverages open
+technologies like Javascript to run unmodified on a variety
+of operating systems.
+</div>
+<div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Author</div>
+<div style="margin-left: 2em; font-size: 0.75em;">
+This application was written by <a href="//michael.schloh.com/">
+Michael Schloh von Bennewitz</a>.
+</div>
+<div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Contact</div>
+<div style="margin-left: 2em; font-size: 0.75em;">
+Please refer to the <a href="//otpwcalc.europalab.com/">
+OTPWCalc homepage</a> for contact information.
+</div>
+<div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Support</div>
+<div style="margin-left: 2em; font-size: 0.75em;">
+The <a href="//list.europalab.com/mailman/listinfo/otpwcalc/">
+OTPWCalc mailing list</a> provides information and answers to
+questions. Commercial support is provided by the
+<a href="mailto:michael@schloh.com">author</a>.
+</div>
+</div><!-- /content -->
+</div><!-- /page -->
+<div data-role="page" class="type-interior" id="security">
+<div data-role="header" data-position="fixed" data-id="headsecurity">
+<h1>OTPWCalc</h1>
+</div><!-- /header -->
+<div data-role="content">
+<div data-role="collapsible" data-allow-collapse="false" data-collapsed="false" data-expanded-icon="otpwcalc-security" data-theme="c" data-content-theme="d">
+<h1>Security</h1>
+<p style="margin-top: 0; margin-bottom: 0; font-size: 1.1em; line-height: 125%;">General <strong>security concerns</strong> should be directed to the <a href="//list.europalab.com/mailman/listinfo/otpwcalc/">mailing list</a>, while those of a private nature should be sent directly to the <a href="mailto:michael@schloh.com">author</a>. X.509 certificates (for exchanging S/MIME encrypted email) and GnuPG keys (to verify released software signatures) reside on the <a href="//michael.schloh.com/">author's website</a>.</p>
+<p style="margin-top: 0.5em; margin-bottom: 0; font-size: 1.1em; line-height: 125%;">Please monitor the mailing list and keep your installation of OTPWCalc <strong>up to date</strong>!</p>
+</div><!-- /collapsible -->
+</div><!-- /content -->
+</div><!-- /page -->
+<div data-role="page" class="type-interior" id="standrfc">
+<div data-role="header" data-position="fixed" data-id="headrfc">
+<h1>OTPWCalc</h1>
+</div><!-- /header -->
+<div data-role="content">
+<div data-role="collapsible" data-allow-collapse="false" data-collapsed="false" data-expanded-icon="otpwcalc-document" data-theme="c" data-content-theme="d">
+<h1>Standards</h1>
+<p style="font-size: 1.1em; line-height: 125%;">This application implements<br />the following <strong>standards</strong>:</p>
+<ul>
+<li>
+<a href="//tools.ietf.org/html/rfc2289/">RFC 2289, A One-Time Password System</a>
+</li>
+</ul>
+</div><!-- /collapsible -->
+</div><!-- /content -->
+</div><!-- /page -->
+</body>
+</html>

OTPWCalc Sources / file comparison

comparison: src/firefoxos/help.html

src/firefoxos/help.html