Based on RFC 2289, which is based on the S/KEY
authentication scheme. It uses the MD5 and SHA algorithms for
hashing.
The variable OTP is at all times a 64-bit string.
Method Summary

__init__(self, hash)
    Set the hash to either md5 or sha1

calculateParity(self, otp)
    Calculate the parity from a 64-bit OTP

challenge(self, seed, sequence)
    Return a challenge in the format otp-<hash> <sequence> <seed>

foldDigest(self, otp)

foldDigest128(self, otp128)
    Fold a 128-bit digest to 64 bits

foldDigest160(self, otp160)
    Fold a 160-bit digest to 64 bits

generateOTP(self, seed, passwd, sequence)
    Return a 64-bit OTP based on inputs. Run through makeReadable to get a
    6-word pass-phrase

generateSeed(self)
    Return a 10-char random seed, with 6 lowercase chars and 4 digits

hashUpdate(self, digest)
    Run through the hash and fold to 64 bits

makeReadable(self, otp)
    Returns a 6-word pass-phrase from a 64-bit OTP

parsePhrase(self, phrase)
    Decode the phrase, and return a 64-bit OTP. I will raise Unauthorized if
    the parity is wrong. TODO: Add support for hex (MUST) and the '2nd
    scheme' (SHOULD)
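The following is an added example, not this class's own code: a stand-alone sketch of the RFC 2289 computation the methods above describe, restricted to MD5 (the 160-bit SHA-1 fold and the six-word dictionary are left out). All function names are hypothetical, and the pass-phrase and seed used to exercise it are the RFC 2289 Appendix C test values.

```python
import hashlib
import hmac


def fold_md5(digest: bytes) -> bytes:
    """Fold a 128-bit MD5 digest to 64 bits by XORing its two halves."""
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))


def hash_update(otp: bytes) -> bytes:
    """One step of the chain: hash the 64-bit value, then fold back to 64 bits."""
    return fold_md5(hashlib.md5(otp).digest())


def generate_otp(seed: str, passphrase: str, sequence: int) -> bytes:
    """Return the 64-bit OTP for the given sequence number."""
    # RFC 2289: the seed is case-insensitive and is lowercased, then
    # prepended to the pass-phrase before the first hash.
    otp = hash_update((seed.lower() + passphrase).encode("ascii"))
    for _ in range(sequence):
        otp = hash_update(otp)
    return otp


def parity(otp: bytes) -> int:
    """Two-bit checksum: sum the 32 bit-pairs of the OTP, keep the low 2 bits."""
    value = int.from_bytes(otp, "big")
    return sum((value >> shift) & 3 for shift in range(0, 64, 2)) & 3


def challenge(seed: str, sequence: int) -> str:
    """Challenge string in the otp-<hash> <sequence> <seed> format."""
    return f"otp-md5 {sequence} {seed}"


def verify(stored_otp: bytes, submitted_otp: bytes) -> bool:
    """Server check: hashing the submitted OTP once must give the stored one.

    The server keeps the OTP of the last successful login (sequence N) and
    challenges for N-1; on success it replaces the stored value with the
    submitted one, so a captured OTP cannot be replayed.
    """
    return hmac.compare_digest(hash_update(submitted_otp), stored_otp)


if __name__ == "__main__":
    otp = generate_otp("TeSt", "This is a test.", 99)
    print(challenge("test", 99), otp.hex().upper(), "parity", parity(otp))
```

Because each OTP is the hash of the next one the client will send, the server never needs the pass-phrase itself, only the most recently accepted 64-bit value.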