michael@4: <!DOCTYPE html>
michael@4: <!--
michael@4: OTPWCalc - One time password challenge response calculator client
michael@4: Copyright © 2013 Michael Schloh von Bennewitz <michael@schloh.com>
michael@4: 
michael@4: OTPWCalc is free software: you can redistribute it and/or modify
michael@4: it under the terms of the European Union Public Licence, either
michael@4: version 1.1 of the license, or (at your option) any later version.
michael@4: 
michael@4: OTPWCalc is distributed in the hope that it will be useful,
michael@4: but WITHOUT ANY WARRANTY; without even the implied warranty
michael@4: of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
michael@4: the European Union Public License for more details.
michael@4: 
michael@4: You should have received a copy of the European Union Public
michael@4: Licence along with OTPWCalc. If not, please refer to
michael@4: <http://joinup.ec.europa.eu/software/page/eupl/>.
michael@4: 
michael@4: This file is part of project OTWPCalc, a one time password challenge
michael@4: response calculator client and is found at http://otpwcalc.europalab.com/
michael@4: 
michael@4: hman.html: W3C HTML implementation
michael@4: -->
michael@4: 
michael@4: <html>
michael@4:     <head>
michael@4:     <meta charset="utf-8">
michael@4:     <meta name="viewport" content="width=device-width, initial-scale=1">
michael@4:     <title>OTPWCalc</title>
michael@4:     <link rel="stylesheet" href="../jquery.mobile/jquery.mobile-1.3.1.min.css" />
michael@4:     <link rel="stylesheet" href="../main.css" />
michael@11:     <script src="../jquery.core/jquery-1.10.2.min.js"></script>
michael@4:     <script src="help.js"></script>
michael@4:     <script src="../jquery.mobile/jquery.mobile-1.3.1.min.js"></script>
michael@4:     </head>
michael@4:     <body>
michael@4:     <!-- Data attributes reserved by JQuery Mobile:
michael@4:          data-theme, data-ajax, data-filter, data-icon, data-grid,
michael@4:          data-rel, data-icon, data-url, data-role, and data-type -->
michael@4:     <!-- Also data-dom-cache="true" -->
michael@4:     <div data-role="page" class="type-interior oc-swipage" id="manpage">
michael@4:         <div data-role="header" data-position="fixed" data-id="headman">
michael@4:             <h1>OTPWCalc</h1>
michael@4:         </div><!-- /header -->
michael@4:         <div data-role="content">
michael@4:             <div style="float: left;">User Commands</div>
michael@4:             <div style="float: right;">OTPWCalc(1)</div>
michael@4:             <div style="clear: both;"></div>
michael@4:             <div style="margin-top: 1.5em; text-transform: uppercase; font-size: 0.75em;">Name</div>
michael@4:             <div style="margin-left: 2em; font-size: 0.75em;">OTPWCalc - Client application for calculating responses to OTP challenges.</div>
michael@4:             <div style="margin-top: 1.5em; text-transform: uppercase; font-size: 0.75em;">Synopsis</div>
michael@4:             <div style="margin-left: 2em; font-size: 0.75em;">OTPWCalc [-h] [-v] [-V]</div>
michael@4:             <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Description</div>
michael@4:             <div style="margin-left: 2em; font-size: 0.75em;">Playing the role of a hardware
michael@4:                 token in a client server authentication system as described
michael@4:                 in RFC 2289, OTPWCalc calculates responses to incoming
michael@4:                 authentication challenges as typed in by the user.</div>
michael@4:             <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Options</div>
michael@4:             <div style="margin-left: 2em; font-size: 0.75em;">
michael@4:                 -h Display a brief help message and exit.<br />
michael@4:                 -v Print verbose text to the calling terminal.<br />
michael@4:                 -V Print the version number and exit.
michael@4:             </div>
michael@4:             <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Terms</div>
michael@4:             <div style="margin-left: 2em; font-size: 0.75em;">Username</div>
michael@4:             <div style="margin-left: 4em; font-size: 0.75em;">
michael@4:                 The name that the server knows. For example, 'albertc'.
michael@4:             </div>
michael@4:             <div style="margin-left: 2em; font-size: 0.75em;">Secret</div>
michael@4:             <div style="margin-left: 4em; font-size: 0.75em;">
michael@4:                 A password, usually selected by the user, that is
michael@4:                 needed to gain access to the server. For example,
michael@4:                 'Mysec2-pw'.
michael@4:             </div>
michael@4:             <div style="margin-left: 2em; font-size: 0.75em;">Challenge</div>
michael@4:             <div style="margin-left: 4em; font-size: 0.75em;">
michael@4:                 Information printed by the server when it tries to
michael@4:                 authenticate a user. This information is needed by
michael@4:                 OTPWCalc to generate a proper response. For example,
michael@4:                 'otp-md5 820 dinw23612'.
michael@4:             </div>
michael@4:             <div style="margin-left: 2em; font-size: 0.75em;">Response</div>
michael@4:             <div style="margin-left: 4em; font-size: 0.75em;">
michael@4:                 Information generated from a challenge that is used
michael@4:                 by the server to authenticate the user. For example,
michael@4:                 'BIEM ROSE JINX HARD BALL SKY NEW'.
michael@4:             </div>
michael@4:             <div style="margin-left: 2em; font-size: 0.75em;">Seed</div>
michael@4:             <div style="margin-left: 4em; font-size: 0.75em;">
michael@4:                 Information used in conjunction with the secret and
michael@4:                 sequence number to compute the response. It allows
michael@4:                 the same secret to be used for multiple sequences
michael@4:                 by changing the seed, or for authentication to
michael@4:                 multiple servers by using different seeds.
michael@4:             </div>
michael@4:             <div style="margin-left: 2em; font-size: 0.75em;">Sequence #</div>
michael@4:             <div style="margin-left: 4em; font-size: 0.75em;">
michael@4:                 A counter used to track key iterations. Each time
michael@4:                 a successful response is received by the server the
michael@4:                 sequence number is decremented. For example, 71.
michael@4:             </div>
michael@4:             <div style="margin-left: 2em; font-size: 0.75em;">Hash ID</div>
michael@4:             <div style="margin-left: 4em; font-size: 0.75em;">
michael@4:                 Text that identifies the cryptographical algorithm
michael@4:                 used. The valid hash identifiers are 'otpmd4'
michael@4:                 corresponding to MD4, and 'otp-md5' corresponding
michael@4:                 to MD5.
michael@4:             </div>
michael@4:             <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Files</div>
michael@4:             <div style="margin-left: 2em; font-size: 0.75em;">
michael@4:                 The application may store a cookie in a file used to
michael@4:                 restore the most recent settings. The location of this
michael@4:                 file (or arbitrary data structure) varies according to
michael@4:                 the operating system.
michael@4:             </div>
michael@4:             <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Bugs</div>
michael@4:             <div style="margin-left: 2em; font-size: 0.75em;">This manual.</div>
michael@4:             <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Security</div>
michael@4:             <div style="margin-left: 2em; font-size: 0.75em;">
michael@4:                 All of the authentication strategies covered in the
michael@4:                 standards implemented by this application are vulnerable
michael@4:                 to man in the middle (MITM) attacks. The strategies can
michael@4:                 be combined with public key logic to defeat such attacks.
michael@4:             </div>
michael@4:             <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Standards</div>
michael@4:             <div style="margin-left: 2em; font-size: 0.75em;">
michael@4:                 The IETF standards RFC 1760 (The S/KEY One-Time Password
michael@4:                 System) and RFC 2289 (A One-Time Password System) are
michael@4:                 implemented.
michael@4:             </div>
michael@4:             <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">See also</div>
michael@4:             <div style="margin-left: 2em; font-size: 0.75em;">
michael@4:                 None. This is a self contained, stand alone application with
michael@4:                 no alias commands. It is unique in that it leverages open
michael@4:                 technologies like Javascript to run unmodified on a variety
michael@4:                 of operating systems.
michael@4:             </div>
michael@4:             <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Author</div>
michael@4:             <div style="margin-left: 2em; font-size: 0.75em;">
michael@4:                 This application was written by <a href="//michael.schloh.com/">
michael@4:                 Michael Schloh von Bennewitz</a>.
michael@4:             </div>
michael@4:             <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Contact</div>
michael@4:             <div style="margin-left: 2em; font-size: 0.75em;">
michael@4:                 Please refer to the <a href="//otpwcalc.europalab.com/">
michael@4:                 OTPWCalc homepage</a> for contact information.
michael@4:             </div>
michael@4:             <div style="margin-top: 1.25em; text-transform: uppercase; font-size: 0.75em;">Support</div>
michael@4:             <div style="margin-left: 2em; font-size: 0.75em;">
michael@4:                 The <a href="//list.europalab.com/mailman/listinfo/otpwcalc/">
michael@4:                 OTPWCalc mailing list</a> provides information and answers to
michael@4:                 questions. Commercial support is provided by the
michael@4:                 <a href="mailto:michael@schloh.com">author</a>.
michael@4:             </div>
michael@4:         </div><!-- /content -->
michael@4:     </div><!-- /page -->
michael@4: </body>
michael@4: </html>