michael@4: michael@4: michael@4: michael@4: michael@4: michael@4: michael@4: michael@4: OTPWCalc michael@4: michael@4: michael@8: michael@4: michael@4: michael@4: michael@4: michael@4: michael@4: michael@4:
michael@4:
michael@4:

OTPWCalc

michael@4:
michael@4:
michael@4:
michael@4:

What is a One Time Password?

michael@4:

A One Time Password (OTP) is a password valid only for a single use and, once used, cannot be used again for authentication. OTPs avoid a number of shortcomings that are associated with traditional (static) passwords.

michael@4:
michael@4:
michael@4:

What can I do with this app?

michael@4:

This application serves one purpose only. It calculates and prints a OTP.

michael@4:
michael@4:
michael@4:

What can I do with OTPs?

michael@4:

Most people use OTPs to log in to their website administration, CMS, or remote console.

michael@4:
michael@4:
michael@4:

Can I log into my Google account?

michael@4:

No. Google uses OTPs, but in a slightly nonstandard way. OTPWCalc cannot calculate OTPs useful for Google authentication yet.

michael@4:
michael@4:
michael@4:

Can I log in to Win/OSX/Oracle?

michael@4:

Yes, but some work is needed on the Windows/OSX/Oracle computer to configure the authentication subsystem.

michael@4:
michael@4:
michael@4:

Can I log in to Unix/Linux?

michael@4:

Yes, by using PAM and it's quite easy.

michael@4:
michael@4:
michael@4:

What else can I do with it?

michael@4:
    michael@4:
  1. Impress your friends
    2. michael@4:
  2. VPN authentication
    3. michael@4:
  3. Single sign on
    4. michael@4:
  4. Remote access
    5. michael@4:
  5. Computer login
    6. michael@4:
  6. Disk encryption
    7. michael@4:
  7. Internet services
    8. michael@4:
  8. Systems integration
    9. michael@4:
  9. CMS authentication
    10. michael@4:
  10. Password management
    11. michael@4:
  11. Email and money transfer
    12. michael@4:
  12. Bank transaction validation
    13. michael@4:
michael@4:
michael@4:
michael@4:

Can I install OTPWCalc on …?

michael@4:
    michael@4:
  • FirefoxOS: Yes
    • michael@4:
  • Sailfish: No
    • michael@4:
  • Android: No
    • michael@4:
  • Tizen: Yes
    • michael@4:
  • MeeGo: No
    • michael@4:
  • Bada: No
    • michael@4:
  • iOS: No
    • michael@4:
  • Unix: No
    • michael@4:
  • Linux: No
    • michael@4:
  • Mac OSX: No
    • michael@4:
  • BlackBerry QNX: No
    • michael@4:
  • Windows Phone: Yes
    • michael@4:
  • Windows Store: Yes
    • michael@4:
michael@4:
michael@4:
michael@4:

Why isn't OTPWCalc compatible?

michael@4:

OTPWCalc might not be compatible with your platform of choice, usually because the necessary hardware isn't available to the author for development.

michael@4:
michael@4:
michael@4:

What happens to my password?

michael@4:

Take a look at the entry point in michael@4: main.js:

michael@4: michael@4: var secr = $('#paswrd').val();
michael@4: var resp = hash(secr, user, iter); michael@4: michael@4:

In other words, the password you enter is neither stored nor transmitted. In fact, OTPWCalc doesn't store or transmit any data input at all (see James Bond question later.) It's a calculator in the true sense, just like a pocket calculator that adds numbers.

michael@4:
michael@4:
michael@4:

Is OTPWCalc safe and secure?

michael@4:

The algorithms of OTP have proven worthy of high security applications. OTPWCalc has been carefully designed and is tested thoroughly. It's both secure and safe to use.

michael@4:
michael@4:
michael@4:

Is it useful in a corporate setting?

michael@4:

Yes. Custom built enterprise versions are available accompanied with commercial support. Visit the OTPWCalc homepage for information.

michael@4:
michael@4:
michael@4:

Does James Bond use OTPWCalc?

michael@4:

Maybe, but spies probably just look over shoulders or use cameras to steal the static passwords used in OTP systems.

michael@4:
michael@4:
michael@4:

Same as Yubikey or RSA SecurID?

michael@4:

Yubikey, RSA SecurID, and OTPWCalc use similar technologies for similar applications, but OTPWCalc is strictly software and doesn't depend on the time or date.

michael@4:
michael@4:
michael@4:

How can I upgrade my OTPWCalc?

michael@4:

This varies according to the operating system used so there's no single answer.

michael@4:
michael@4:
michael@4:

Who owns OTPWCalc?

michael@4:

OTPWCalc is the property of the copyright holder, Michael Schloh von Bennewitz.

michael@4:
michael@4:
michael@4:

Is OTPWCalc licensed?

michael@4:

OTPWCalc is distributed under the terms of the European Union Public Licence. This liberal license grants you freedom to use the software and much more.

michael@4:
michael@4:
michael@4:

Which programming language?

michael@4:

OTPWCalc is built using the HTML, CSS, and JavaScript languages.

michael@4:

The jQuery Mobile and Apache Cordova development frameworks provide important additional features.

michael@4:
michael@4:
michael@4:

What are ongoing developments?

michael@4:

OTPWCalc is both active and stable, and follows a project management plan.

michael@4:
    michael@4:
  • It is undergoing i18n and l10n to several european languages.
    • michael@4:
  • HMAC-based RFC 4226 (HOTP) is being implemented.
    • michael@4:
  • Features like QR and OpenID integration are being explored.
    • michael@4:
  • Most of all, OTPWCalc is being ported to new platforms.
    • michael@4:
michael@4:

To request features or pose questions please write to the mailing list.

michael@4:
michael@4:
michael@4:

How can I report a bogue (bug)?

michael@4:

Please write to the mailing list stating the OTPWCalc version and platform. Thanks for every bug report!

michael@4:
michael@4:
michael@4:

My question isn't answered,
or this is just not working!

michael@4:

Please turn to the mailing list and ask for help there. Answers appear in a day.

michael@4:
michael@4:
michael@4:
michael@4: michael@4: