Provided by: otp_970425-6_i386 bug


       otp - generate one-time key pads or password lists


       otp [ -cchars -ddigits -echars -lchars -msigfile -nnkeys -rseed
             -snchars -u -wlinelen outfile ]


       Systems which use passwords and/or encryption keys to  authenticate  an
       individual’s identity or protect against interception of communications
       achieve the highest degree of security when each  password  or  key  is
       used only once.  Spies are furnished ‘‘one-time pads’’ containing pages
       of keys used to encrypt individual characters of secret messages,  then
       discarded.   As  long  as  the physical security of the two copies of a
       one-time pad is assured and  the  keys  on  the  pad  are  sufficiently
       random, security is absolute.

       Swiss  banks  which  accept  electronic  payment  orders  use a similar
       mechanism to verify the identity of the issuer of  an  order.   When  a
       client  authorises  the  bank  to  accept  electronic  orders, the bank
       delivers, by registered mail, a list of  individual  session  passwords
       (usually  numbers  of  4 to 6 digits).  The customer agrees to keep the
       list of passwords physically secure, and to not hold the bank liable if
       the  customer  allows  the  list to fall into unauthorised hands.  Each
       time an order is given, in addition to the regular  user  identity  and
       password,  the next key from the list must be entered, and then crossed
       off by the user.  The bank verifies the key against a copy of the  list
       stored in their own secure computer, and only if the key matches is the
       order accepted.  Multiple incorrect entries block electronic access  to
       the  customer’s  account  until  re-enabled  by  the customer providing
       suitable verification that an unauthorised access attempt did  not,  in
       fact, occur.

       Note  that even if the customer’s entire communication session with the
       bank is intercepted, the eavesdropper will not be able to  subsequently
       issue orders in the customer’s name since the one-time password used in
       the compromised session will never  be  used  again,  and  provides  no
       usable clue as to subsequent one-time passwords.

       otp  creates  key  and  password  lists  for  verification and security
       purposes in a variety of formats.  Keys can be of any  length,  consist
       of  digits or letters (capital or lower case), and alphabetic passwords
       can either be  entirely  random  (most  secure)  or  obey  the  digraph
       statistics  of  English text (easier to remember when transcribing, but
       less secure).

       For computer applications, for example one-time  login  passwords,  otp
       can create a file containing the MD5 signature of each of the generated
       keys.  This permits the computer to verify keys  without  the  need  to
       store  the  keys  in plaintext.  As noted below, this improves security
       only if keys are sufficiently long to deter exhaustive search for their


       -cchars     Generate  keys  consisting  of  chars  (default  8) capital
                   letters.  The keys consist of random letters unless the  -e
                   option  is  also  specified,  in  which  case they obey the
                   digraph statistics of English text.

       -ddigits    Generate keys consisting  of  digits  (default  8)  decimal

       -echars     Generate keys consisting of chars (default 8) letters which
                   obey the digraph statistics of English text.  Such keys are
                   usually easier to remember when transcribing from a printed
                   pad to a computer, but are less secure than entirely random
                   sequences  of letters.  Keys default to lower case letters;
                   specify the -c option along with -e if you  prefer  capital

       -lchars     Generate  keys  consisting  of chars (default 8) lower case
                   letters.  The keys consist of random letters unless the  -e
                   option  is  also  specified,  in  which  case they obey the
                   digraph statistics of English text.

       -msigfile   A file sigfile is written which contains the MD5  signature
                   of  each of the generated keys, with each 128 bit signature
                   written as 32 hexadecimal  digits  on  a  line  by  itself.
                   Computer  applications  can  use  this  signature  file for
                   verification when the user  supplies  a  key,  rather  than
                   storing  a copy of the keys as plaintext.  Note that if the
                   MD5 signature file is compromised,  short  keys  are  still
                   vulnerable  since  their  MD5  signatures  can  be found by
                   exhaustive search.

       -nnkeys     Generate nkeys keys.  By default, 50 keys are generated.

       -rseed      The string seed is used to  initialise  the  random  number
                   generator.   Every  run  of  otp  with  the  same seed will
                   produce the same output.   This  is  primarily  useful  for
                   testing, but it also allows users at different locations to
                   produce identical sheets given only a seed known  to  both.
                   If  you’re about to use up all the keys on a sheet, you can
                   generate a new pair of sheets by using the last key on  the
                   sheet as the seed for a new one.  (This is not as secure as
                   physically exchanging a new pair of sheets, but  if  you’re
                   about  to  run  out of keys, it’s better than nothing.)  If
                   the  -r  option  is  not  specified,   the   generator   is
                   initialised with a value derived from the date and time and
                   various  system  environment  information;  each  run  will
                   produce a different sheet.

       -snchars    Include  a  hyphen separator every nchars characters in the
                   keys.  Breaking up long keys into segments with  separators
                   makes  them  easier to transcribe.  By default, a hyphen is
                   inserted every 4 characters.

       -u          Print how-to-call information.

       -wlinelen   Format output so lines are less than or  equal  to  linelen
                   characters (unless individual keys exceed the line length).
                   The default line length is 79 characters.


       If no outfile is specified, output is written on standard output.


       If you’re using otp-generated keys for computer system passwords,  it’s
       wise  to  include  one  or  more non-alphanumeric characters and to mix
       upper and lower case  letters;  this  makes  your  password  much  more
       difficult to guess by exhaustive search.  For example, if otp generated
       a password of jxuc-uiuf and you’re using a system  on  which  passwords
       are  limited  to  8 characters, you might actually use jXu&uIU= as your

       When using one-time keys to communicate with other people, it’s often a
       good  idea  to  supply both the current session key and the key for the
       previous session.  It’s easy to forget to cross off a key  after  using
       it;  including the previous key makes it easier to discover if this has
       happened  and  get  back  in  sync.    Similarly,   in   computer-based
       authentication  systems  it’s  a  good  idea  to respond to entry of an
       incorrect key by prompting the user with the key from the last session.

       Pseudorandom  numbers  on  which  entries  in  the  pads  are based are
       generated by the exclusive-or of four concurrently-running BSD random()
       generators,  each  with 256 bytes of state, independently seeded from 4
       byte segments of the 16-byte MD5 signature of the original seed.




       otp returns status 0 if processing was completed without errors, and  2
       if an error prevented generation of output.


       The  English-digraph  frequency  key  generator is based on the ‘‘mpw’’
       program developed at MIT, which was converted from Multics PL/I to C by
       Bill  Sommerfeld,  4/21/86.   The original PL/I version was provided by
       Jerry Saltzer.

       The implementation of MD5 message-digest algorithm is based on a public
       domain version written by Colin Plumb in 1993.  The algorithm is due to
       Ron Rivest.  The algorithm is described in Internet RFC 1321.


           John Walker

       This software is in  the  public  domain.   Permission  to  use,  copy,
       modify,  and  distribute  this  software  and its documentation for any
       purpose and without fee is hereby granted, without  any  conditions  or
       restrictions.   This  software is provided ‘‘as is’’ without express or
       implied warranty.