Provided by: otpw-bin_1.3-2ubuntu1_amd64 bug

NAME

       otpw-gen - one-time password generator

SYNOPSIS

       otpw-gen [ options ]

DESCRIPTION

       OTPW  is a one-time password authentication system. It can be plugged into any application
       that needs to authenticate users interactively.  One-time  password  authentication  is  a
       valuable  protection  against password eavesdropping, especially for logins from untrusted
       terminals.

       Before you can use OTPW to log into your system,  two  preparation  steps  are  necessary.
       Firstly,  your system administrator has to enable it. (This is usually done by configuring
       your login software (e.g., sshd) to use OTPW via the Pluggable Authentication Module (PAM)
       configuration files in /etc/pam.d/.)

       Secondly,  you need to generate a list of one-time passwords and print it out. This can be
       done by calling

              otpw-gen | lpr

       or something like

              otpw-gen -h 70 -s 2 | a2ps -1B -L 70 --borders no

       if more control over the layout is desired.

       You will be asked for a prefix password, which you need to memorize. It has to be  entered
       immediately before the one-time password. The prefix password reduces the risk that anyone
       who finds or steals your password printout can use that alone to impersonate you.

       Each one-time password will be printed behind a three digit password number. Such a number
       will appear in the password prompt when OTPW has been activated:

              Password 026:

       When you see this prompt, enter the memorized prefix password, followed immediately by the
       one-time password identified by the number. Any spaces within a password  have  only  been
       inserted  to  improve  legibility  and  do  not  have  to be copied.  OTPW will ignore the
       difference between the easily confused characters 0O and Il1 in passwords.

       In some situations, for example if multiple logins occur simultaneously for the same user,
       OTPW  defends itself against the possibility of various attacks by asking for three random
       passwords simultaneously.

              Password 047/192/210:

       You then have to enter the prefix password, followed immediately by  the  three  requested
       one-time  passwords.  This  fall-back  mode is activated by the existence of the lock file
       ~/.otpw.lock.  If it was left over by some malfunction, it can safely be deleted manually.

       Call otpw-gen again when you have used up about half of the printed one-time passwords  or
       when  you  have lost your password sheet. This will disable all remaining passwords on the
       previous sheet.

OPTIONS

       -h number     Specify the total number of lines per page to be sent  to  standard  output.
                     This  number  minus  four  header  lines  determines  the  number of rows of
                     passwords on each page. The maximum number of passwords that can be  printed
                     is 1000. (Minimum: 5, default: 60)

       -w number     Specify  the  maximum  width  of  lines  to be sent to standard output. This
                     parameter determines together with the password length the number of columns
                     in the printed password matrix. (Minimum: 64, default: 79)

       -s number     Specify  the  number  of  form-feed  separated  pages to be sent to standard
                     output. (Default: 1)

       -e number     Specify the minimum entropy of each one-time password in bits. The length of
                     each password will be chosen automatically, such that there are at least two
                     to the power of the specified number possible passwords. A  value  below  30
                     might make the passwords vulnerable to a brute-force guessing attack. If the
                     attacke might have read access to the ~/.otpw file, the value should  be  at
                     least  48.  Paranoid users might prefer long high-security passwords with at
                     least 60 bits of entropy.  (Default: 48)

       -p0           Generate passwords by transforming a random bit string into  a  sequence  of
                     letters and digits, using a form of base-64 encoding (6 bits per character).
                     (Default)

       -p1           Generate passwords by transforming a random bit string into  a  sequence  of
                     English four-letter words, each chosen from a fixed list of 2048 words (2.75
                     bits per character).

       -f filename   Specify a file to be used instead of ~/.otpw for storing the hash values  of
                     the generated one-time passwords.

AUTHOR

       The  OTPW  package, which includes the otpw-gen progam, has been developed by Markus Kuhn.
       The most recent version is available from <http://www.cl.cam.ac.uk/~mgk25/otpw.html>.

SEE ALSO

       pam(8), pam_otpw(8)

                                            2003-09-30                                OTPW-GEN(1)