dbo:abstract
- OTPW is a one-time password system developed by Markus Kuhn for authentication in Unix-like operating systems. A user's real password is not directly transmitted across the network. Rather, a series of one-time passwords is created from a short set of characters (constant secret) and a set of one-time tokens. As each password can be used only once, passwords intercepted by a password sniffer or key logger are not useful to an attacker. OTPW is supported in Unix and Linux (via pluggable authentication modules), OpenBSD, NetBSD, and FreeBSD, and a generic open source implementation can be used to enable its use on other systems. OTPW, like other one-time password systems, is vulnerable to a man-in-the-middle attack if used by itself. This could, for example, be solved by running it over SSL, SPKM, or a similar security protocol that authenticates the server and provides point-to-point security between the client and server. (en)