Mark's Notebook

My sketchbook, code and other things I'm working on.

Jan 22, 2005 - 2 minute read - Comments - Information Security

One Time Pad (OTP) login project

    I’m starting a software development project. I haven’t developed any software for a long time. But this project is something I’ve wanted for a long time and it’s looking so simple I can taste it.

    Security based on obscurity is bad. Computer access based on simple passwords is an example. Anyone who knows the password can use it. Lots of computer equipment requires its passwords to be sent across the network in the open using telnet.

    I want to protect the system I use with a one time pad (OTP). For each login there would only be one password of randomly selected characters.

    Making this system easy to use is the problem. This system is in use and has been made simple by companies like VeriSign. These are great products. I have wanted to use these for years! The problem is cost. For me to get a single key fob token for my system, I would have to purchase 250 (this is their minimum order) and sign a service agreement costing thousands of dollars.

THE PROJECT
    I’m proposing a system based on or expanding the PAM_SOTP project. I want to write a program that will live on a thumb drive. When you run or click on this program, it will give you the next password from the OTP. For more security it could even challenge you for a password to access the OTP.

    Here is a scenario. You need access to your home computer and you are at your friend’s house. You ask to use his computer and he says OK. You plug in your thumb drive and after a few seconds a new drive appears. You click on the drive and run my OTP program. (Maybe the OTP program is set to auto run.) The OTP program prints the next password from the OTP file. You run telnet or ssh if your friend has it and log in to your computer.
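A sketch of the two halves of that scenario, added here as an illustration and not taken from PAM_SOTP: the thumb-drive program that hands out the next password, and the server-side check that accepts each password only once. The JSON pad layout, the function names and the look-ahead window are all assumptions made for this example.

```python
import hmac
import json
import secrets
import string
from pathlib import Path

ALPHABET = string.ascii_letters + string.digits


def generate_pad(count=20, length=12):
    """Create the list of random passwords shared by the server and the thumb drive."""
    return ["".join(secrets.choice(ALPHABET) for _ in range(length)) for _ in range(count)]


def save_pad(path, passwords):
    """Write the pad (assumed layout) with a cursor at the first unused password."""
    Path(path).write_text(json.dumps({"next": 0, "passwords": passwords}))
    Path(path).chmod(0o600)  # restrict to the owner: the pad file is the credential


def next_password(path):
    """Thumb-drive side: return the next unused password and advance the cursor."""
    pad = json.loads(Path(path).read_text())
    if pad["next"] >= len(pad["passwords"]):
        raise RuntimeError("pad exhausted; generate and distribute a new one")
    password = pad["passwords"][pad["next"]]
    pad["next"] += 1
    Path(path).write_text(json.dumps(pad))
    return password


def verify_login(path, attempt, window=3):
    """Server side: accept an unused password within the window, exactly once."""
    pad = json.loads(Path(path).read_text())
    start = pad["next"]
    for i, expected in enumerate(pad["passwords"][start:start + window], start):
        # Constant-time comparison does not reveal how many characters matched.
        if hmac.compare_digest(attempt.encode(), expected.encode()):
            pad["next"] = i + 1  # burn this entry and any skipped before it
            Path(path).write_text(json.dumps(pad))
            return True
    return False
```

The window lets the server recover when the thumb drive displayed a password that was never used; a larger window is more forgiving but leaves more passwords valid at any one time.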

    If you are interested in commenting on this project or want to be involved in its development, email me.