OTPWCalc Sources / file revision
src/firefoxos/help.html@6a0957738c54
src/firefoxos/help.html
Mon, 22 Apr 2013 22:00:43 +0200
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Mon, 22 Apr 2013 22:00:43 +0200
- changeset 0
- 6a0957738c54
- child 3
- 09006594d51d
- permissions
- -rw-r--r--
Import pristine sources of new project OTPWCalc.
1 <!DOCTYPE html>
2 <!--
3 OTPWCalc - One time password challenge response calculator client
4 Copyright © 2013 Michael Schloh von Bennewitz <michael@schloh.com>
6 OTPWCalc is free software: you can redistribute it and/or modify
7 it under the terms of the European Union Public Licence, either
8 version 1.1 of the license, or (at your option) any later version.
10 OTPWCalc is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty
12 of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
13 the European Union Public License for more details.
15 You should have received a copy of the European Union Public
16 Licence along with OTPWCalc. If not, please refer to
17 <http://joinup.ec.europa.eu/software/page/eupl/>.
19 This file is part of project OTWPCalc, a one time password challenge
20 response calculator client and is found at http://otpwcalc.europalab.com/
22 help.html: W3C HTML implementation
23 -->
25 <html>
26 <head>
27 <meta charset="utf-8">
28 <meta name="viewport" content="width=device-width, initial-scale=1">
29 <title>OTPWCalc</title>
30 <link rel="stylesheet" href="jquery.mobile/jquery.mobile-1.3.1.min.css" />
31 <link rel="stylesheet" href="main.css" />
32 <script src="jquery.core/jquery-1.9.1.js"></script>
33 <script src="help.js"></script>
34 <script src="jquery.mobile/jquery.mobile-1.3.1.min.js"></script>
35 </head>
36 <body>
37 <!-- Data attributes reserved by JQuery Mobile:
38 data-theme, data-ajax, data-filter, data-icon, data-grid,
39 data-rel, data-icon, data-url, data-role, and data-type -->
40 <div data-role="page" class="type-interior">
41 <!-- H1 header data-role good for Search Engine Optimization -->
42 <!--<div data-role="header" data-position="inline">-->
43 <div data-role="header" data-position="fixed" data-id="headhelp">
44 <h1>OTPWCalc</h1>
45 </div><!-- /header -->
46 <div data-role="content">
47 <div class="content-primary">
48 <h1 style="text-align: center; margin: 0;">Help</h1>
49 <a href="#faq" data-role="button" data-theme="e" data-icon="otpwcalc-question" data-iconpos="right" data-transition="flow">F. A. Q.</a>
50 <a href="#quickstart" data-role="button" data-theme="e" data-icon="otpwcalc-qstart" data-iconpos="right" data-transition="flow">Quickstart</a>
51 <a href="#manpage" data-role="button" data-theme="e" data-icon="otpwcalc-manpage" data-iconpos="right" data-transition="flow">Manpage</a>
52 <a href="//list.europalab.com/mailman/listinfo/otpwcalc/" data-role="button" data-theme="e" data-icon="otpwcalc-email" data-iconpos="right" data-transition="flow">Mailinglist</a>
53 <a href="#security" data-role="button" data-theme="e" data-icon="otpwcalc-security" data-iconpos="right" data-transition="flow">Security</a>
54 <a href="#standrfc" data-role="button" data-theme="e" data-icon="otpwcalc-document" data-iconpos="right" data-transition="flow">Standards</a>
55 </div><!-- /content-primary -->
56 </div><!-- /content -->
57 </div><!-- /page -->
59 <div data-role="page" class="type-interior" id="faq">
60 <div data-role="header" data-id="headfaq">
61 <h1>OTPWCalc</h1>
62 </div><!-- /header -->
63 <div data-role="content">
64 <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d" data-inset="false" data-theme="c" data-content-theme="c">
65 <h3 style="margin-top: 0; margin-bottom: 0;">What is a One Time Password?</h3>
66 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">A One Time Password (OTP) is a password valid only for a <strong>single use</strong> and, once used, cannot be used again for authentication. OTPs avoid a number of shortcomings that are associated with traditional (static) passwords.</p>
67 </div>
68 <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
69 <h3>What can I do with this app?</h3>
70 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">This application serves one purpose only. It calculates and prints a OTP.</p>
71 </div>
72 <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
73 <h3>What can I do with OTPs?</h3>
74 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">Most people use OTPs to log in to their website administration, CMS, or remote console.</p>
75 </div>
76 <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
77 <h3>Can I log into my Google account?</h3>
78 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">No. Google uses OTPs, but in a slightly nonstandard way. OTPWCalc cannot calculate OTPs useful for Google authentication yet.</p>
79 </div>
80 <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
81 <h3>Can I log in to Win/OSX/Oracle?</h3>
82 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">Yes, but some work is needed on the Windows/OSX/Oracle computer to configure the authentication subsystem.</p>
83 </div>
84 <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
85 <h3>Can I log in to Unix/Linux?</h3>
86 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">Yes, by using PAM and it's quite easy.</p>
87 </div>
88 <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
89 <h3>What else can I do with it?</h3>
90 <ol style="margin-top: 0.5em;">
91 <li>Impress your friends</li>
92 <li>VPN authentication</li>
93 <li>Single sign on</li>
94 <li>Remote access</li>
95 <li>Computer login</li>
96 <li>Disk encryption</li>
97 <li>Internet services</li>
98 <li>Systems integration</li>
99 <li>CMS authentication</li>
100 <li>Password management</li>
101 <li>Email and money transfer</li>
102 <li>Bank transaction validation</li>
103 </ol>
104 </div>
105 <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
106 <h3>Can I install OTPWCalc on …?</h3>
107 <ul style="margin-top: 0.5em;">
108 <li>FirefoxOS: <strong>Yes</strong></li>
109 <li>Sailfish: No</li>
110 <li>Android: No</li>
111 <li>Tizen: <strong>Yes</strong></li>
112 <li>MeeGo: No</li>
113 <li>Bada: No</li>
114 <li>iOS: No</li>
115 <li>Unix: No</li>
116 <li>Linux: No</li>
117 <li>Mac OSX: No</li>
118 <li>BlackBerry QNX: No</li>
119 <li>Windows Phone: <strong>Yes</strong></li>
120 <li>Windows Store: <strong>Yes</strong></li>
121 </ul>
122 </div>
123 <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
124 <h3>Why isn't OTPWCalc compatible?</h3>
125 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">OTPWCalc might not be compatible with your platform of choice, usually because the necessary hardware isn't available to the author for development.</p>
126 </div>
127 <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
128 <h3>What happens to my password?</h3>
129 <p style="margin-top: 0.25em;">Take a look at the entry point in
130 <strong>main.js</strong>:</p>
131 <code style="margin-left: 2em; display:inline-block; line-height: 120%;">
132 var secr = $('#paswrd').val();<br />
133 var resp = hash(secr, user, iter);
134 </code>
135 <p style="margin-bottom: 0.25em;">In other words, the password you enter is neither stored nor transmitted. In fact, OTPWCalc doesn't store or transmit any data input <strong>at all</strong> (see James Bond question later.) It's a <em>calculator</em> in the true sense, just like a pocket calculator that adds numbers.</p>
136 </div>
137 <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
138 <h3>Is OTPWCalc safe and secure?</h3>
139 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">The algorithms of OTP have proven worthy of <strong>high security applications</strong>. OTPWCalc has been carefully designed and is tested thoroughly. It's both secure and safe to use.</p>
140 </div>
141 <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
142 <h3>Is it useful in a corporate setting?</h3>
143 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">Yes. Custom built enterprise versions are available accompanied with commercial support. Visit the <a href="//otpwcalc.europalab.com/">OTPWCalc homepage</a> for information.</p>
144 </div>
145 <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
146 <h3>Does James Bond use OTPWCalc?</h3>
147 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">Maybe, but spies probably just look over shoulders or use cameras to steal the static passwords used in OTP systems.</p>
148 </div>
149 <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
150 <h3>Same as Yubikey or RSA SecurID?</h3>
151 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">Yubikey, RSA SecurID, and OTPWCalc use similar technologies for similar applications, but OTPWCalc is strictly software and doesn't depend on the time or date.</p>
152 </div>
153 <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
154 <h3>How can I upgrade my OTPWCalc?</h3>
155 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">This varies according to the operating system used so there's no single answer.</p>
156 </div>
157 <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
158 <h3>Who owns OTPWCalc?</h3>
159 <p style="margin-top: 0.25em; margin-bottom: 0;">OTPWCalc is the property of the copyright holder, Michael Schloh von Bennewitz.</p>
160 </div>
161 <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
162 <h3>Is OTPWCalc licensed?</h3>
163 <p style="margin-top: 0.25em; margin-bottom: 0;">OTPWCalc is distributed under the terms of the <a href="//joinup.ec.europa.eu/software/page/eupl/">European Union Public Licence</a>. This liberal license grants you freedom to use the software and much more.</p>
164 </div>
165 <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
166 <h3>Which programming language?</h3>
167 <p style="margin-top: 0.25em; margin-bottom: 0;">OTPWCalc is built using the HTML, CSS, and JavaScript languages.</p>
168 <p style="margin-top: 0.5em; margin-bottom: 0.25em;">The jQuery Mobile and Apache Cordova development frameworks provide important additional features.</p>
169 </div>
170 <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
171 <h3>What are ongoing developments?</h3>
172 <p style="margin-top: 0.25em;">OTPWCalc is both active and stable, and follows a project management plan.</p>
173 <ul>
174 <li>It is undergoing nationalization to several european languages.</li>
175 <li style="margin-top: 0.5em;"><strong>HMAC</strong>-based RFC 4226 (HOTP) is being implemented.</li>
176 <li style="margin-top: 0.5em;">Features like QR and OpenID integration are being explored.</li>
177 <li style="margin-top: 0.5em;">Most of all, OTPWCalc is being <em>ported to new platforms</em>.</li>
178 </ul>
179 <p style="margin-top: 0.5em; margin-bottom: 0.25em;">To request features or pose questions please write to the <a href="//list.europalab.com/mailman/listinfo/otpwcalc/">mailing list</a>.</p>
180 </div>
181 <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
182 <h3>How can I report a bogue (bug)?</h3>
183 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">Please write to the <a href="//list.europalab.com/mailman/listinfo/otpwcalc/">mailing list</a> stating the OTPWCalc version and platform. Thanks for every bug report!</p>
184 </div>
185 <div data-role="collapsible" data-inset="false" data-theme="c" data-content-theme="d">
186 <h3>My question isn't answered,<br />or this is just not working!</h3>
187 <p style="margin-top: 0.25em; margin-bottom: 0.25em;">Please turn to the <a href="//list.europalab.com/mailman/listinfo/otpwcalc/">mailing list</a> and ask for help there. Answers appear in a day.</p>
188 </div>
189 </div><!-- /content -->
190 </div><!-- /page -->
192 <div data-role="page" class="type-interior" id="quickstart">
193 <div data-role="header" data-position="fixed" data-id="headquick">
194 <h1>OTPWCalc</h1>
195 </div><!-- /header -->
196 <div data-role="content">
197 <h3 style="margin-top: 0; margin-bottom: 0;">
198 To start using OTPWCalc now…
199 </h3>
200 <ol style="margin-top: 0.5em; margin-bottom: 0;">
201 <li style="margin-bottom: 0.5em;">Install and configure a OTP authentication server on the <strong>host computer</strong>.</li>
202 <li style="margin-bottom: 0.5em;">Add a username, seed ID, and password to the OTP <strong>authentication server</strong>.</li>
203 <li style="margin-bottom: 0.5em;">Log in to the host computer providing the recently added username. The host computer will reply with a challange including the appropriate <strong>seed ID</strong> and a new <strong>counter number</strong>.</li>
204 <li style="margin-bottom: 0.5em;">Type the seed ID and counter number along with the corresponding password into OTPWCalc. Click <strong>Submit</strong>.</li>
205 <li style="margin-bottom: 0.5em;">Read the resulting OTP in <div style="display: inline-block; color: rgb(192,0,0); text-transform: normal;">red uppercase characters</div>.</li>
206 <li style="margin-bottom: 0.5em;">Type the OTP into the host computer console and…<br /><em>Enjoy <strong>secure</strong> access!</em></li>
207 </ol>
208 </div><!-- /content -->
209 </div><!-- /page -->
211 <div data-role="page" class="type-interior" id="manpage">
212 <div data-role="header" data-position="fixed" data-id="headman">
213 <h1>OTPWCalc</h1>
214 </div><!-- /header -->
215 <div data-role="content">
216 <div style="float: left;">User Commands</div>
217 <div style="float: right;">OTPWCalc(1)</div>
218 <div style="clear: both;"></div>
219 <div style="margin-top: 1.5em; text-transform: uppercase; font-size: 0.75em;">Name</div>
220 <div style="margin-left: 2em; font-size: 0.75em;">OTPWCalc - Client application for calculating responses to OTP challenges.</div>
221 <div style="margin-top: 1.5em; text-transform: uppercase; font-size: 0.75em;">Synopsis</div>
222 <div style="margin-left: 2em; font-size: 0.75em;">OTPWCalc [-h] [-v] [-V]</div>
223 <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Description</div>
224 <div style="margin-left: 2em; font-size: 0.75em;">Playing the role of a hardware
225 token in a client server authentication system as described
226 in RFC 2289, OTPWCalc calculates responses to incoming
227 authentication challenges as typed in by the user.</div>
228 <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Options</div>
229 <div style="margin-left: 2em; font-size: 0.75em;">
230 -h Display a brief help message and exit.<br />
231 -v Print verbose text to the calling terminal.<br />
232 -V Print the version number and exit.
233 </div>
234 <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Terms</div>
235 <div style="margin-left: 2em; font-size: 0.75em;">Username</div>
236 <div style="margin-left: 4em; font-size: 0.75em;">
237 The name that the server knows. For example, 'albertc'.
238 </div>
239 <div style="margin-left: 2em; font-size: 0.75em;">Secret</div>
240 <div style="margin-left: 4em; font-size: 0.75em;">
241 A password, usually selected by the user, that is
242 needed to gain access to the server. For example,
243 'Mysec2-pw'.
244 </div>
245 <div style="margin-left: 2em; font-size: 0.75em;">Challenge</div>
246 <div style="margin-left: 4em; font-size: 0.75em;">
247 Information printed by the server when it tries to
248 authenticate a user. This information is needed by
249 OTPWCalc to generate a proper response. For example,
250 'otp-md5 820 dinw23612'.
251 </div>
252 <div style="margin-left: 2em; font-size: 0.75em;">Response</div>
253 <div style="margin-left: 4em; font-size: 0.75em;">
254 Information generated from a challenge that is used
255 by the server to authenticate the user. For example,
256 'BIEM ROSE JINX HARD BALL SKY NEW'.
257 </div>
258 <div style="margin-left: 2em; font-size: 0.75em;">Seed</div>
259 <div style="margin-left: 4em; font-size: 0.75em;">
260 Information used in conjunction with the secret and
261 sequence number to compute the response. It allows
262 the same secret to be used for multiple sequences
263 by changing the seed, or for authentication to
264 multiple servers by using different seeds.
265 </div>
266 <div style="margin-left: 2em; font-size: 0.75em;">Sequence #</div>
267 <div style="margin-left: 4em; font-size: 0.75em;">
268 A counter used to track key iterations. Each time
269 a successful response is received by the server the
270 sequence number is decremented. For example, 71.
271 </div>
272 <div style="margin-left: 2em; font-size: 0.75em;">Hash ID</div>
273 <div style="margin-left: 4em; font-size: 0.75em;">
274 Text that identifies the cryptographical algorithm
275 used. The valid hash identifiers are 'otpmd4'
276 corresponding to MD4, and 'otp-md5' corresponding
277 to MD5.
278 </div>
279 <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Files</div>
280 <div style="margin-left: 2em; font-size: 0.75em;">
281 The application may store a cookie in a file used to
282 restore the most recent settings. The location of this
283 file (or arbitrary data structure) varies according to
284 the operating system.
285 </div>
286 <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Bugs</div>
287 <div style="margin-left: 2em; font-size: 0.75em;">This manual.</div>
288 <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Security</div>
289 <div style="margin-left: 2em; font-size: 0.75em;">
290 All of the authentication strategies covered in the
291 standards implemented by this application are vulnerable
292 to man in the middle (MITM) attacks. The strategies can
293 be combined with public key logic to defeat such attacks.
294 </div>
295 <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Standards</div>
296 <div style="margin-left: 2em; font-size: 0.75em;">
297 The IETF standards RFC 1760 (The S/KEY One-Time Password
298 System) and RFC 2289 (A One-Time Password System) are
299 implemented.
300 </div>
301 <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">See also</div>
302 <div style="margin-left: 2em; font-size: 0.75em;">
303 None. This is a self contained, stand alone application with
304 no alias commands. It is unique in that it leverages open
305 technologies like Javascript to run unmodified on a variety
306 of operating systems.
307 </div>
308 <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Author</div>
309 <div style="margin-left: 2em; font-size: 0.75em;">
310 This application was written by <a href="//michael.schloh.com/">
311 Michael Schloh von Bennewitz</a>.
312 </div>
313 <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Contact</div>
314 <div style="margin-left: 2em; font-size: 0.75em;">
315 Please refer to the <a href="//otpwcalc.europalab.com/">
316 OTPWCalc homepage</a> for contact information.
317 </div>
318 <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Support</div>
319 <div style="margin-left: 2em; font-size: 0.75em;">
320 The <a href="//list.europalab.com/mailman/listinfo/otpwcalc/">
321 OTPWCalc mailing list</a> provides information and answers to
322 questions. Commercial support is provided by the
323 <a href="mailto:michael@schloh.com">author</a>.
324 </div>
325 </div><!-- /content -->
326 </div><!-- /page -->
328 <div data-role="page" class="type-interior" id="security">
329 <div data-role="header" data-position="fixed" data-id="headsecurity">
330 <h1>OTPWCalc</h1>
331 </div><!-- /header -->
332 <div data-role="content">
333 <div data-role="collapsible" data-allow-collapse="false" data-collapsed="false" data-expanded-icon="otpwcalc-security" data-theme="c" data-content-theme="d">
334 <h1>Security</h1>
335 <p style="margin-top: 0; margin-bottom: 0; font-size: 1.1em; line-height: 125%;">General <strong>security concerns</strong> should be directed to the <a href="//list.europalab.com/mailman/listinfo/otpwcalc/">mailing list</a>, while those of a private nature should be sent directly to the <a href="mailto:michael@schloh.com">author</a>. X.509 certificates (for exchanging S/MIME encrypted email) and GnuPG keys (to verify released software signatures) reside on the <a href="//michael.schloh.com/">author's website</a>.</p>
336 <p style="margin-top: 0.5em; margin-bottom: 0; font-size: 1.1em; line-height: 125%;">Please monitor the mailing list and keep your installation of OTPWCalc <strong>up to date</strong>!</p>
337 </div><!-- /collapsible -->
338 </div><!-- /content -->
339 </div><!-- /page -->
341 <div data-role="page" class="type-interior" id="standrfc">
342 <div data-role="header" data-position="fixed" data-id="headrfc">
343 <h1>OTPWCalc</h1>
344 </div><!-- /header -->
345 <div data-role="content">
346 <div data-role="collapsible" data-allow-collapse="false" data-collapsed="false" data-expanded-icon="otpwcalc-document" data-theme="c" data-content-theme="d">
347 <h1>Standards</h1>
348 <p style="font-size: 1.1em; line-height: 125%;">This application implements<br />the following <strong>standards</strong>:</p>
349 <ul>
350 <li>
351 <a href="//tools.ietf.org/html/rfc2289/">RFC 2289, A One-Time Password System</a>
352 </li>
353 </ul>
354 </div><!-- /collapsible -->
355 </div><!-- /content -->
356 </div><!-- /page -->
357 </body>
358 </html>
