— respond to an OTP challenge
is a procedure for using one-time passwords
to authenticate access to computer systems. It uses 64 bits of information
transformed by the MD5, RIPEMD-160, or SHA1 algorithms. The user supplies the
64 bits in the form of 6 English words that are generated by a secure
computer. This implementation of S/Key
Before using skey
the system needs to be
initialized using skeyinit(1)
this will establish a secret passphrase. After that, one-time passwords can be
generated using skey
, which will prompt for the
secret passphrase. After a one-time password has been used to log in, it can
no longer be used.
is invoked as
will use method
as the hash function where
is currently one of md5, rmd160, or
If you misspell your secret passphrase while running
, you will get a list of one-time passwords
that will not work, and no indication of the problem.
Password sequence numbers count backwards. You can enter the passwords using
small letters, even though skey
The options are as follows:
- Selects the hash algorithm: MD5, RMD-160 (160-bit Ripe
Message Digest), or SHA1 (NIST Secure Hash Algorithm Revision 1).
- Prints out count one-time
passwords. The default is to print one.
- Uses passphrase as the
secret passphrase. Use of this option is discouraged as your secret
passphrase could be visible in a process listing.
- Causes output to be in hexadecimal instead of ASCII.
$ skey 99 th91334
Enter secret passphrase: <your secret passphrase is entered here>
OMEN US HORN OMIT BACK AHOY
C. Metz, P. Nesser, and
M. Straw, A One-Time Password
System, RFC 2289, February
S/Key is a Trademark of Bellcore.
Neil M. Haller
John S. Walden