— respond to an OTP
[-md5 | -rmd160 |
is a procedure for using one-time passwords to
authenticate access to computer systems. It uses 64 bits of information
transformed by the MD5, RIPEMD-160, or SHA1 algorithms. The user supplies the
64 bits in the form of 6 English words that are generated by a secure
computer. This implementation of S/Key
is RFC 2289
Before using skey
the system needs to be initialized using
; this will establish a secret
passphrase. After that, one-time passwords can be generated using
, which will prompt for the secret passphrase. After a
one-time password has been used to log in, it can no longer be used.
is invoked as otp-method
will use method
as the hash
function where method
is currently one of md5, rmd160,
If you misspell your secret passphrase while running skey
will get a list of one-time passwords that will not work, and no indication of
Password sequence numbers count backwards. You can enter the passwords using
small letters, even though skey
prints them capitalized.
The options are as follows:
- -md5 |
-rmd160 | -sha1
- Selects the hash algorithm: MD5, RMD-160 (160-bit Ripe
Message Digest), or SHA1 (NIST Secure Hash Algorithm Revision 1).
- Prints out count one-time passwords.
The default is to print one.
- Uses passphrase as the secret
passphrase. Use of this option is discouraged as your secret passphrase
could be visible in a process listing.
- Causes output to be in hexadecimal instead of ASCII.
$ skey 99 th91334
Enter secret passphrase: <your secret passphrase is entered here>
OMEN US HORN OMIT BACK AHOY
N. Haller, C.
Metz, P. Nesser, and M.
Straw, A One-Time Password System,
RFC 2289, February
TRADEMARKS AND PATENTS
S/Key is a Trademark of Bellcore.
Neil M. Haller
John S. Walden