diff -r 09006594d51d -r 5d1908d87db8 src/firefoxos/help.html --- a/src/firefoxos/help.html Tue Apr 23 22:01:36 2013 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,358 +0,0 @@ - - - - - - - - OTPWCalc - - - - - - - - -
- - -
-

OTPWCalc

-
-
- -
-
- -
-
-

OTPWCalc

-
-
-
-

What is a One Time Password?

-

A One Time Password (OTP) is a password valid only for a single use and, once used, cannot be used again for authentication. OTPs avoid a number of shortcomings that are associated with traditional (static) passwords.

-
-
-

What can I do with this app?

-

This application serves one purpose only. It calculates and prints a OTP.

-
-
-

What can I do with OTPs?

-

Most people use OTPs to log in to their website administration, CMS, or remote console.

-
-
-

Can I log into my Google account?

-

No. Google uses OTPs, but in a slightly nonstandard way. OTPWCalc cannot calculate OTPs useful for Google authentication yet.

-
-
-

Can I log in to Win/OSX/Oracle?

-

Yes, but some work is needed on the Windows/OSX/Oracle computer to configure the authentication subsystem.

-
-
-

Can I log in to Unix/Linux?

-

Yes, by using PAM and it's quite easy.

-
-
-

What else can I do with it?

-
    -
  1. Impress your friends
  2. -
  3. VPN authentication
  4. -
  5. Single sign on
  6. -
  7. Remote access
  8. -
  9. Computer login
  10. -
  11. Disk encryption
  12. -
  13. Internet services
  14. -
  15. Systems integration
  16. -
  17. CMS authentication
  18. -
  19. Password management
  20. -
  21. Email and money transfer
  22. -
  23. Bank transaction validation
  24. -
-
-
-

Can I install OTPWCalc on …?

-
    -
  • FirefoxOS: Yes
  • -
  • Sailfish: No
  • -
  • Android: No
  • -
  • Tizen: Yes
  • -
  • MeeGo: No
  • -
  • Bada: No
  • -
  • iOS: No
  • -
  • Unix: No
  • -
  • Linux: No
  • -
  • Mac OSX: No
  • -
  • BlackBerry QNX: No
  • -
  • Windows Phone: Yes
  • -
  • Windows Store: Yes
  • -
-
-
-

Why isn't OTPWCalc compatible?

-

OTPWCalc might not be compatible with your platform of choice, usually because the necessary hardware isn't available to the author for development.

-
-
-

What happens to my password?

-

Take a look at the entry point in - main.js:

- - var secr = $('#paswrd').val();
- var resp = hash(secr, user, iter); -
-

In other words, the password you enter is neither stored nor transmitted. In fact, OTPWCalc doesn't store or transmit any data input at all (see James Bond question later.) It's a calculator in the true sense, just like a pocket calculator that adds numbers.

-
-
-

Is OTPWCalc safe and secure?

-

The algorithms of OTP have proven worthy of high security applications. OTPWCalc has been carefully designed and is tested thoroughly. It's both secure and safe to use.

-
-
-

Is it useful in a corporate setting?

-

Yes. Custom built enterprise versions are available accompanied with commercial support. Visit the OTPWCalc homepage for information.

-
-
-

Does James Bond use OTPWCalc?

-

Maybe, but spies probably just look over shoulders or use cameras to steal the static passwords used in OTP systems.

-
-
-

Same as Yubikey or RSA SecurID?

-

Yubikey, RSA SecurID, and OTPWCalc use similar technologies for similar applications, but OTPWCalc is strictly software and doesn't depend on the time or date.

-
-
-

How can I upgrade my OTPWCalc?

-

This varies according to the operating system used so there's no single answer.

-
-
-

Who owns OTPWCalc?

-

OTPWCalc is the property of the copyright holder, Michael Schloh von Bennewitz.

-
-
-

Is OTPWCalc licensed?

-

OTPWCalc is distributed under the terms of the European Union Public Licence. This liberal license grants you freedom to use the software and much more.

-
-
-

Which programming language?

-

OTPWCalc is built using the HTML, CSS, and JavaScript languages.

-

The jQuery Mobile and Apache Cordova development frameworks provide important additional features.

-
-
-

What are ongoing developments?

-

OTPWCalc is both active and stable, and follows a project management plan.

-
    -
  • It is undergoing i18n and l10n to several european languages.
  • -
  • HMAC-based RFC 4226 (HOTP) is being implemented.
  • -
  • Features like QR and OpenID integration are being explored.
  • -
  • Most of all, OTPWCalc is being ported to new platforms.
  • -
-

To request features or pose questions please write to the mailing list.

-
-
-

How can I report a bogue (bug)?

-

Please write to the mailing list stating the OTPWCalc version and platform. Thanks for every bug report!

-
-
-

My question isn't answered,
or this is just not working!

-

Please turn to the mailing list and ask for help there. Answers appear in a day.

-
-
-
- -
-
-

OTPWCalc

-
-
-

- To start using OTPWCalc now… -

-
    -
  1. Install and configure a OTP authentication server on the host computer.
  2. -
  3. Add a username, seed ID, and password to the OTP authentication server.
  4. -
  5. Log in to the host computer providing the recently added username. The host computer will reply with a challange including the appropriate seed ID and a new counter number.
  6. -
  7. Type the seed ID and counter number along with the corresponding password into OTPWCalc. Click Submit.
  8. -
  9. Read the resulting OTP in
    red uppercase characters
    .
  10. -
  11. Type the OTP into the host computer console and…
    Enjoy secure access!
  12. -
-
-
- -
-
-

OTPWCalc

-
-
-
User Commands
-
OTPWCalc(1)
-
-
Name
-
OTPWCalc - Client application for calculating responses to OTP challenges.
-
Synopsis
-
OTPWCalc [-h] [-v] [-V]
-
Description
-
Playing the role of a hardware - token in a client server authentication system as described - in RFC 2289, OTPWCalc calculates responses to incoming - authentication challenges as typed in by the user.
-
Options
-
- -h Display a brief help message and exit.
- -v Print verbose text to the calling terminal.
- -V Print the version number and exit. -
-
Terms
-
Username
-
- The name that the server knows. For example, 'albertc'. -
-
Secret
-
- A password, usually selected by the user, that is - needed to gain access to the server. For example, - 'Mysec2-pw'. -
-
Challenge
-
- Information printed by the server when it tries to - authenticate a user. This information is needed by - OTPWCalc to generate a proper response. For example, - 'otp-md5 820 dinw23612'. -
-
Response
-
- Information generated from a challenge that is used - by the server to authenticate the user. For example, - 'BIEM ROSE JINX HARD BALL SKY NEW'. -
-
Seed
-
- Information used in conjunction with the secret and - sequence number to compute the response. It allows - the same secret to be used for multiple sequences - by changing the seed, or for authentication to - multiple servers by using different seeds. -
-
Sequence #
-
- A counter used to track key iterations. Each time - a successful response is received by the server the - sequence number is decremented. For example, 71. -
-
Hash ID
-
- Text that identifies the cryptographical algorithm - used. The valid hash identifiers are 'otpmd4' - corresponding to MD4, and 'otp-md5' corresponding - to MD5. -
-
Files
-
- The application may store a cookie in a file used to - restore the most recent settings. The location of this - file (or arbitrary data structure) varies according to - the operating system. -
-
Bugs
-
This manual.
-
Security
-
- All of the authentication strategies covered in the - standards implemented by this application are vulnerable - to man in the middle (MITM) attacks. The strategies can - be combined with public key logic to defeat such attacks. -
-
Standards
-
- The IETF standards RFC 1760 (The S/KEY One-Time Password - System) and RFC 2289 (A One-Time Password System) are - implemented. -
-
See also
-
- None. This is a self contained, stand alone application with - no alias commands. It is unique in that it leverages open - technologies like Javascript to run unmodified on a variety - of operating systems. -
-
Author
-
- This application was written by - Michael Schloh von Bennewitz. -
-
Contact
-
- Please refer to the - OTPWCalc homepage for contact information. -
-
Support
-
- The - OTPWCalc mailing list provides information and answers to - questions. Commercial support is provided by the - author. -
-
-
- -
-
-

OTPWCalc

-
-
-
-

Security

-

General security concerns should be directed to the mailing list, while those of a private nature should be sent directly to the author. X.509 certificates (for exchanging S/MIME encrypted email) and GnuPG keys (to verify released software signatures) reside on the author's website.

-

Please monitor the mailing list and keep your installation of OTPWCalc up to date!

-
-
-
- -
-
-

OTPWCalc

-
-
-
-

Standards

-

This application implements
the following standards:

- -
-
-
- -
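Review bot: Deleting src/firefoxos/help.html outright (+++ /dev/null, all 358 lines removed) takes the user-facing security statements with it, namely the "What happens to my password?" answer and the man page "Security" paragraph on man in the middle attacks, and nothing in this diff shows where they go instead. Please confirm the FirefoxOS build still ships this help text from another location, or keep the file. If the text is being carried over, two things in the removed lines are worth fixing on the way. The FAQ says OTPWCalc "doesn't store or transmit any data input at all", while the "Files" entry says it "may store a cookie in a file used to restore the most recent settings"; the two should agree on what is persisted. The "Hash ID" entry also spells the identifiers inconsistently as 'otpmd4' and 'otp-md5'.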