OTPWCalc

One Time Password Calculator 0.7.1

One Time Password Calculator 0.7.2

diff -r 09006594d51d -r 5d1908d87db8 src/firefoxos/help.html --- a/src/firefoxos/help.html Tue Apr 23 22:01:36 2013 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,358 +0,0 @@ - - - - - - - - OTPWCalc - - - - - - - - -

- - -

OTPWCalc

Help

- F. A. Q. - Quickstart - Manpage - Mailinglist - Security - Standards -

- -

OTPWCalc

What is a One Time Password?

A One Time Password (OTP) is a password valid only for a single use and, once used, cannot be used again for authentication. OTPs avoid a number of shortcomings that are associated with traditional (static) passwords.

What can I do with this app?

This application serves one purpose only. It calculates and prints a OTP.

What can I do with OTPs?

Most people use OTPs to log in to their website administration, CMS, or remote console.

Can I log into my Google account?

No. Google uses OTPs, but in a slightly nonstandard way. OTPWCalc cannot calculate OTPs useful for Google authentication yet.

Can I log in to Win/OSX/Oracle?

Yes, but some work is needed on the Windows/OSX/Oracle computer to configure the authentication subsystem.

Can I log in to Unix/Linux?

Yes, by using PAM and it's quite easy.

What else can I do with it?

Impress your friends
VPN authentication
Single sign on
Remote access
Computer login
Disk encryption
Internet services
Systems integration
CMS authentication
Password management
Email and money transfer
Bank transaction validation

Can I install OTPWCalc on …?

FirefoxOS: Yes
Sailfish: No
Android: No
Tizen: Yes
MeeGo: No
Bada: No
iOS: No
Unix: No
Linux: No
Mac OSX: No
BlackBerry QNX: No
Windows Phone: Yes
Windows Store: Yes

Why isn't OTPWCalc compatible?

OTPWCalc might not be compatible with your platform of choice, usually because the necessary hardware isn't available to the author for development.

What happens to my password?

Take a look at the entry point in - main.js:


-                       var secr = $('#paswrd').val();

-                       var resp = hash(secr, user, iter);
-

In other words, the password you enter is neither stored nor transmitted. In fact, OTPWCalc doesn't store or transmit any data input at all (see James Bond question later.) It's a calculator in the true sense, just like a pocket calculator that adds numbers.

Is OTPWCalc safe and secure?

The algorithms of OTP have proven worthy of high security applications. OTPWCalc has been carefully designed and is tested thoroughly. It's both secure and safe to use.

Is it useful in a corporate setting?

Yes. Custom built enterprise versions are available accompanied with commercial support. Visit the OTPWCalc homepage for information.

Does James Bond use OTPWCalc?

Maybe, but spies probably just look over shoulders or use cameras to steal the static passwords used in OTP systems.

Same as Yubikey or RSA SecurID?

Yubikey, RSA SecurID, and OTPWCalc use similar technologies for similar applications, but OTPWCalc is strictly software and doesn't depend on the time or date.

How can I upgrade my OTPWCalc?

This varies according to the operating system used so there's no single answer.

Who owns OTPWCalc?

OTPWCalc is the property of the copyright holder, Michael Schloh von Bennewitz.

Is OTPWCalc licensed?

OTPWCalc is distributed under the terms of the European Union Public Licence. This liberal license grants you freedom to use the software and much more.

Which programming language?

OTPWCalc is built using the HTML, CSS, and JavaScript languages.

The jQuery Mobile and Apache Cordova development frameworks provide important additional features.

What are ongoing developments?

OTPWCalc is both active and stable, and follows a project management plan.

It is undergoing i18n and l10n to several european languages.
HMAC-based RFC 4226 (HOTP) is being implemented.
Features like QR and OpenID integration are being explored.
Most of all, OTPWCalc is being ported to new platforms.

To request features or pose questions please write to the mailing list.

How can I report a bogue (bug)?

Please write to the mailing list stating the OTPWCalc version and platform. Thanks for every bug report!

My question isn't answered,
or this is just not working!

Please turn to the mailing list and ask for help there. Answers appear in a day.

- -

OTPWCalc

- To start using OTPWCalc now… -

Install and configure a OTP authentication server on the host computer.
Add a username, seed ID, and password to the OTP authentication server.
Log in to the host computer providing the recently added username. The host computer will reply with a challange including the appropriate seed ID and a new counter number.
Type the seed ID and counter number along with the corresponding password into OTPWCalc. Click Submit.
Read the resulting OTP in
red uppercase characters
.
Type the OTP into the host computer console and…
Enjoy secure access!

- -

OTPWCalc

User Commands

OTPWCalc(1)

Name

OTPWCalc - Client application for calculating responses to OTP challenges.

Synopsis

OTPWCalc [-h] [-v] [-V]

Description

Playing the role of a hardware - token in a client server authentication system as described - in RFC 2289, OTPWCalc calculates responses to incoming - authentication challenges as typed in by the user.

Options

- -h Display a brief help message and exit.
- -v Print verbose text to the calling terminal.
- -V Print the version number and exit. -

Terms

Username

- The name that the server knows. For example, 'albertc'. -

Secret

- A password, usually selected by the user, that is - needed to gain access to the server. For example, - 'Mysec2-pw'. -

Challenge

- Information printed by the server when it tries to - authenticate a user. This information is needed by - OTPWCalc to generate a proper response. For example, - 'otp-md5 820 dinw23612'. -

Response

- Information generated from a challenge that is used - by the server to authenticate the user. For example, - 'BIEM ROSE JINX HARD BALL SKY NEW'. -

Seed

- Information used in conjunction with the secret and - sequence number to compute the response. It allows - the same secret to be used for multiple sequences - by changing the seed, or for authentication to - multiple servers by using different seeds. -

Sequence #

- A counter used to track key iterations. Each time - a successful response is received by the server the - sequence number is decremented. For example, 71. -

Hash ID

- Text that identifies the cryptographical algorithm - used. The valid hash identifiers are 'otpmd4' - corresponding to MD4, and 'otp-md5' corresponding - to MD5. -

Files

- The application may store a cookie in a file used to - restore the most recent settings. The location of this - file (or arbitrary data structure) varies according to - the operating system. -

Bugs

This manual.

Security

- All of the authentication strategies covered in the - standards implemented by this application are vulnerable - to man in the middle (MITM) attacks. The strategies can - be combined with public key logic to defeat such attacks. -

Standards

- The IETF standards RFC 1760 (The S/KEY One-Time Password - System) and RFC 2289 (A One-Time Password System) are - implemented. -

OTPWCalc

Security

General security concerns should be directed to the mailing list, while those of a private nature should be sent directly to the author. X.509 certificates (for exchanging S/MIME encrypted email) and GnuPG keys (to verify released software signatures) reside on the author's website.

Please monitor the mailing list and keep your installation of OTPWCalc up to date!

- -

OTPWCalc

Standards

This application implements
the following standards:

- RFC 2289, A One-Time Password System -

- - diff -r 09006594d51d -r 5d1908d87db8 src/firefoxos/help.js --- a/src/firefoxos/help.js Tue Apr 23 22:01:36 2013 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,39 +0,0 @@ -/* - * OTPWCalc - One time password challenge response calculator client - * Copyright © 2013 Michael Schloh von Bennewitz - * - * OTPWCalc is free software: you can redistribute it and/or modify - * it under the terms of the European Union Public Licence, either - * version 1.1 of the license, or (at your option) any later version. - * - * OTPWCalc is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty - * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See - * the European Union Public License for more details. - * - * You should have received a copy of the European Union Public - * Licence along with OTPWCalc. If not, please refer to - * . - * - * This file is part of project OTWPCalc, a one time password challenge - * response calculator client and is found at http://otpwcalc.europalab.com/ - * - * help.js: ECMA JavaScript implementation - */ - -// diff -r 09006594d51d -r 5d1908d87db8 src/firefoxos/help/help.html --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/firefoxos/help/help.html Fri Apr 26 19:10:52 2013 +0200 @@ -0,0 +1,60 @@ + + + + + + + + OTPWCalc + + + + + + + + + +

+ + +

OTPWCalc

Help

+ F. A. Q. + Quickstart + Manpage + Mailinglist + Security + Standards +

+ + diff -r 09006594d51d -r 5d1908d87db8 src/firefoxos/help/help.js --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/firefoxos/help/help.js Fri Apr 26 19:10:52 2013 +0200 @@ -0,0 +1,75 @@ +/* + * OTPWCalc - One time password challenge response calculator client + * Copyright © 2013 Michael Schloh von Bennewitz + * + * OTPWCalc is free software: you can redistribute it and/or modify + * it under the terms of the European Union Public Licence, either + * version 1.1 of the license, or (at your option) any later version. + * + * OTPWCalc is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty + * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See + * the European Union Public License for more details. + * + * You should have received a copy of the European Union Public + * Licence along with OTPWCalc. If not, please refer to + * . + * + * This file is part of project OTWPCalc, a one time password challenge + * response calculator client and is found at http://otpwcalc.europalab.com/ + * + * help.js: ECMA JavaScript implementation + */ + +// + + + + + + + OTPWCalc + + + + + + + + + +

OTPWCalc

What is a One Time Password?

What can I do with this app?

This application serves one purpose only. It calculates and prints a OTP.

What can I do with OTPs?

Most people use OTPs to log in to their website administration, CMS, or remote console.

Can I log into my Google account?

No. Google uses OTPs, but in a slightly nonstandard way. OTPWCalc cannot calculate OTPs useful for Google authentication yet.

Can I log in to Win/OSX/Oracle?

Yes, but some work is needed on the Windows/OSX/Oracle computer to configure the authentication subsystem.

Can I log in to Unix/Linux?

Yes, by using PAM and it's quite easy.

What else can I do with it?

Impress your friends
VPN authentication
Single sign on
Remote access
Computer login
Disk encryption
Internet services
Systems integration
CMS authentication
Password management
Email and money transfer
Bank transaction validation

Can I install OTPWCalc on …?

FirefoxOS: Yes
Sailfish: No
Android: No
Tizen: Yes
MeeGo: No
Bada: No
iOS: No
Unix: No
Linux: No
Mac OSX: No
BlackBerry QNX: No
Windows Phone: Yes
Windows Store: Yes

Why isn't OTPWCalc compatible?

OTPWCalc might not be compatible with your platform of choice, usually because the necessary hardware isn't available to the author for development.

What happens to my password?

Take a look at the entry point in + main.js:


+                       var secr = $('#paswrd').val();

+                       var resp = hash(secr, user, iter);
+

Is OTPWCalc safe and secure?

The algorithms of OTP have proven worthy of high security applications. OTPWCalc has been carefully designed and is tested thoroughly. It's both secure and safe to use.

Is it useful in a corporate setting?

Yes. Custom built enterprise versions are available accompanied with commercial support. Visit the OTPWCalc homepage for information.

Does James Bond use OTPWCalc?

Maybe, but spies probably just look over shoulders or use cameras to steal the static passwords used in OTP systems.

Same as Yubikey or RSA SecurID?

Yubikey, RSA SecurID, and OTPWCalc use similar technologies for similar applications, but OTPWCalc is strictly software and doesn't depend on the time or date.

How can I upgrade my OTPWCalc?

This varies according to the operating system used so there's no single answer.

Who owns OTPWCalc?

OTPWCalc is the property of the copyright holder, Michael Schloh von Bennewitz.

Is OTPWCalc licensed?

OTPWCalc is distributed under the terms of the European Union Public Licence. This liberal license grants you freedom to use the software and much more.

Which programming language?

OTPWCalc is built using the HTML, CSS, and JavaScript languages.

The jQuery Mobile and Apache Cordova development frameworks provide important additional features.

What are ongoing developments?

OTPWCalc is both active and stable, and follows a project management plan.

It is undergoing i18n and l10n to several european languages.
HMAC-based RFC 4226 (HOTP) is being implemented.
Features like QR and OpenID integration are being explored.
Most of all, OTPWCalc is being ported to new platforms.

To request features or pose questions please write to the mailing list.

How can I report a bogue (bug)?

Please write to the mailing list stating the OTPWCalc version and platform. Thanks for every bug report!

My question isn't answered,
or this is just not working!

Please turn to the mailing list and ask for help there. Answers appear in a day.

+ + diff -r 09006594d51d -r 5d1908d87db8 src/firefoxos/help/hman.html --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/firefoxos/help/hman.html Fri Apr 26 19:10:52 2013 +0200 @@ -0,0 +1,158 @@ + + + + + + + + OTPWCalc + + + + + + + + + +

OTPWCalc

User Commands

OTPWCalc(1)

Name

OTPWCalc - Client application for calculating responses to OTP challenges.

Synopsis

OTPWCalc [-h] [-v] [-V]

Description

Playing the role of a hardware + token in a client server authentication system as described + in RFC 2289, OTPWCalc calculates responses to incoming + authentication challenges as typed in by the user.

Options

+ -h Display a brief help message and exit.
+ -v Print verbose text to the calling terminal.
+ -V Print the version number and exit. +

Terms

Username

+ The name that the server knows. For example, 'albertc'. +

Secret

+ A password, usually selected by the user, that is + needed to gain access to the server. For example, + 'Mysec2-pw'. +

Challenge

+ Information printed by the server when it tries to + authenticate a user. This information is needed by + OTPWCalc to generate a proper response. For example, + 'otp-md5 820 dinw23612'. +

Response

+ Information generated from a challenge that is used + by the server to authenticate the user. For example, + 'BIEM ROSE JINX HARD BALL SKY NEW'. +

Seed

+ Information used in conjunction with the secret and + sequence number to compute the response. It allows + the same secret to be used for multiple sequences + by changing the seed, or for authentication to + multiple servers by using different seeds. +

Sequence #

+ A counter used to track key iterations. Each time + a successful response is received by the server the + sequence number is decremented. For example, 71. +

Hash ID

+ Text that identifies the cryptographical algorithm + used. The valid hash identifiers are 'otpmd4' + corresponding to MD4, and 'otp-md5' corresponding + to MD5. +

Files

+ The application may store a cookie in a file used to + restore the most recent settings. The location of this + file (or arbitrary data structure) varies according to + the operating system. +

Bugs

This manual.

Security

+ All of the authentication strategies covered in the + standards implemented by this application are vulnerable + to man in the middle (MITM) attacks. The strategies can + be combined with public key logic to defeat such attacks. +

Standards

+ The IETF standards RFC 1760 (The S/KEY One-Time Password + System) and RFC 2289 (A One-Time Password System) are + implemented. +

OTPWCalc

+ To start using OTPWCalc now… +

Install and configure a OTP authentication server on the host computer.
Add a username, seed ID, and password to the OTP authentication server.
Log in to the host computer providing the recently added username. The host computer will reply with a challange including the appropriate seed ID and a new counter number.
Type the seed ID and counter number along with the corresponding password into OTPWCalc. Click Submit.
Read the resulting OTP in
red uppercase characters
.
Type the OTP into the host computer console and…
Enjoy secure access!

+ + diff -r 09006594d51d -r 5d1908d87db8 src/firefoxos/help/hsec.html --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/firefoxos/help/hsec.html Fri Apr 26 19:10:52 2013 +0200 @@ -0,0 +1,54 @@ + + + + + + + + OTPWCalc + + + + + + + + + +

OTPWCalc

Security

Please monitor the mailing list and keep your installation of OTPWCalc up to date!

+ + diff -r 09006594d51d -r 5d1908d87db8 src/firefoxos/help/hsta.html --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/firefoxos/help/hsta.html Fri Apr 26 19:10:52 2013 +0200 @@ -0,0 +1,58 @@ + + + + + + + + OTPWCalc + + + + + + + + + +

OTPWCalc

Standards

This application implements
the following standards:

+ RFC 2289, A One-Time Password System +

+ + diff -r 09006594d51d -r 5d1908d87db8 src/firefoxos/main.html --- a/src/firefoxos/main.html Tue Apr 23 22:01:36 2013 +0200 +++ b/src/firefoxos/main.html Fri Apr 26 19:10:52 2013 +0200 @@ -46,13 +46,13 @@ data-rel, data-icon, data-url, data-role, and data-type --> -

About

OTPWCalc

- Help + Help

diff -r 09006594d51d -r 5d1908d87db8 src/firefoxos/main.js --- a/src/firefoxos/main.js Tue Apr 23 22:01:36 2013 +0200 +++ b/src/firefoxos/main.js Fri Apr 26 19:10:52 2013 +0200 @@ -29,12 +29,46 @@ //$.mobile.ajaxLinksEnabled = false; //}); $(document).on("mobileinit", function() { - $.extend( $.mobile , { + $.extend($.mobile, { pageLoadErrorMessage: 'Either the page cannot be found or it cannot be loaded.' }); }); //$(document).on("pageinit", function() { //}); +$(document).on("pageinit", "[data-role='page'].oc-swipage", function() { + var makepage = "#" + $(this).attr("id"), + next = $(this).jqmData("next"), // Next page stored in data-next + prev = $(this).jqmData("prev"); // Previous page stored in data-prev + + if (next) { // Check if data-next attribute is indeed set + //// Prefetch next page + //$.mobile.loadPage(next); + // Navigate to next page on swipe left + $(document).on("swipeleft", makepage, function(inev) { + inev.stopImmediatePropagation(); + $.mobile.changePage(next, {transition: "slide"}); + }); + } + else { // If data-next not set then default to history + $(document).on("swipeleft", makepage, function(inev) { + inev.stopImmediatePropagation(); + window.history.forward({transition: "slide"}); + }); + } + if (prev) { // Check if data-prev attribute is set + $(document).on("swiperight", makepage, function(inev) { + inev.stopImmediatePropagation(); + $.mobile.changePage(prev, {transition: "slide", reverse: true}); + }); + } + else { // If data-prev not set then default to history + $(document).on("swiperight", makepage, function(inev) { + inev.stopImmediatePropagation(); + //history.back(); // or window.history.back(); + $.mobile.back({transition: "slide", reverse: true}); + }); + } +}); // the main logical entry point function otpwcalc() { diff -r 09006594d51d -r 5d1908d87db8 src/firefoxos/manifest.webapp --- a/src/firefoxos/manifest.webapp Tue Apr 23 22:01:36 2013 +0200 +++ b/src/firefoxos/manifest.webapp Fri Apr 26 19:10:52 2013 +0200 @@ -1,5 +1,5 @@ { - "version": "0.7.1", + "version": "0.7.2", "name": "OTPWCalc", "description": "One time password (OTP) challenge response calculator client", "type": "web", diff -r 09006594d51d -r 5d1908d87db8 src/firefoxos/otpwcalc.appcache --- a/src/firefoxos/otpwcalc.appcache Tue Apr 23 22:01:36 2013 +0200 +++ b/src/firefoxos/otpwcalc.appcache Fri Apr 26 19:10:52 2013 +0200 @@ -1,10 +1,16 @@ CACHE MANIFEST # v1 2013-04-18 # http://developer.mozilla.org/docs/HTML/Using_the_application_cache/ +about.html main.css main.html -about.html -help.html +help/help.html +help/help.js +help/hman.html +help/hsec.html +help/hfaq.html +help/hsta.html +help/hqst.html hashes/md4.js hashes/md5.js hashes/rmd160.js @@ -19,6 +25,32 @@ img/otpwcalc-64px.png img/otpwcalc-128px.png img/otpwcalc-256px.png +img/compute-hd.png +img/compute-sd.png +img/datahost.png +img/document-hd.png +img/document-sd.png +img/email-hd.png +img/email-sd.png +img/manpage-hd.png +img/manpage-sd.png +img/question-hd.png +img/question-sd.png +img/quickstart-hd.png +img/quickstart-sd.png +img/security-hd.png +img/security-sd.png +img/seeye-hd.png +img/seeye-sd.png +img/tastatur.png +jquery.core/jquery-1.9.1.js +jquery.mobile/jquery.mobile-1.3.1.min.css +jquery.mobile/jquery.mobile-1.3.1.min.js +jquery.mobile/images/icons-18-white.png +jquery.mobile/images/icons-18-black.png +jquery.mobile/images/ajax-loader.gif +jquery.mobile/images/icons-36-white.png +jquery.mobile/images/icons-36-black.png # Fetch from network if available NETWORK:

OTPWCalc

One Time Password Calculator 0.7.1

One Time Password Calculator 0.7.2

OTPWCalc

Help

OTPWCalc

What is a One Time Password?

What can I do with this app?

What can I do with OTPs?

Can I log into my Google account?

Can I log in to Win/OSX/Oracle?

Can I log in to Unix/Linux?

What else can I do with it?

Can I install OTPWCalc on …?

Why isn't OTPWCalc compatible?

What happens to my password?

Is OTPWCalc safe and secure?

Is it useful in a corporate setting?

Does James Bond use OTPWCalc?

Same as Yubikey or RSA SecurID?

How can I upgrade my OTPWCalc?

Who owns OTPWCalc?

Is OTPWCalc licensed?

Which programming language?

What are ongoing developments?

How can I report a bogue (bug)?

My question isn't answered,or this is just not working!

OTPWCalc

- To start using OTPWCalc now… -

OTPWCalc

OTPWCalc

Security

OTPWCalc

Standards

OTPWCalc

Help

OTPWCalc

What is a One Time Password?

What can I do with this app?

What can I do with OTPs?

Can I log into my Google account?

Can I log in to Win/OSX/Oracle?

Can I log in to Unix/Linux?

What else can I do with it?

Can I install OTPWCalc on …?

Why isn't OTPWCalc compatible?

What happens to my password?

Is OTPWCalc safe and secure?

Is it useful in a corporate setting?

Does James Bond use OTPWCalc?

Same as Yubikey or RSA SecurID?

How can I upgrade my OTPWCalc?

Who owns OTPWCalc?

Is OTPWCalc licensed?

Which programming language?

What are ongoing developments?

How can I report a bogue (bug)?

My question isn't answered,or this is just not working!

OTPWCalc

OTPWCalc

+ To start using OTPWCalc now… +

OTPWCalc

Security

OTPWCalc

Standards

OTPWCalc

My question isn't answered,
or this is just not working!

My question isn't answered,
or this is just not working!