Based on RFC 2289, which is based on the S/KEY
authentication scheme. It uses the MD5 and SHA algorithms for
hashing.
The variable OTP is at all times a 64-bit string.
| Method Summary | |
| --- | --- |
| __init__(self, hash) | Set the hash to either md5 or sha1 |
| calculateParity(self, otp) | Calculate the parity from a 64bit OTP |
| challenge(self, seed, sequence) | Return a challenge in the format otp-<hash> <sequence> <seed> |
| foldDigest(self, otp) | |
| foldDigest128(self, otp128) | Fold a 128 bit digest to 64 bit |
| foldDigest160(self, otp160) | Fold a 160 bit digest to 64 bit |
| generateOTP(self, seed, passwd, sequence) | Return a 64 bit OTP based on inputs. Run through makeReadable to get a 6 word pass-phrase |
| generateSeed(self) | Return a 10 char random seed, with 6 lowercase chars and 4 digits |
| hashUpdate(self, digest) | Run through the hash and fold to 64 bit |
| makeReadable(self, otp) | Returns a 6 word pass-phrase from a 64bit OTP |
| parsePhrase(self, phrase) | Decode the phrase, and return a 64bit OTP. I will raise Unauthorized if the parity is wrong. TODO: Add support for hex (MUST) and the '2nd scheme' (SHOULD) |
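The MD5 path through the methods summarised above, following RFC 2289, as an added example (not the documented class's own code): the snake_case function names are hypothetical counterparts of the listed methods, and `word_indices` stops at the six 11-bit dictionary indices that a six-word encoder would look up. The SHA-1 fold and the 2048-word dictionary are left out.

```python
import hashlib

def fold_md5(digest):
    """Fold a 128-bit MD5 digest to 64 bits by XORing its two halves."""
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))

def hash_update(otp):
    """One hash step: MD5 the current value, then fold back to 64 bits."""
    return fold_md5(hashlib.md5(otp).digest())

def generate_otp(seed, passwd, sequence):
    """Return the 64-bit OTP for this seed, pass-phrase and sequence number."""
    # RFC 2289: the seed is case-insensitive and lower-cased before use.
    otp = hash_update((seed.lower() + passwd).encode("ascii"))
    for _ in range(sequence):
        otp = hash_update(otp)
    return otp

def calculate_parity(otp):
    """Sum the 32 two-bit pairs of the OTP; keep the low two bits."""
    value = int.from_bytes(otp, "big")
    return sum((value >> shift) & 3 for shift in range(0, 64, 2)) & 3

def word_indices(otp):
    """Six 11-bit dictionary indices: 64 OTP bits followed by 2 parity bits."""
    value = (int.from_bytes(otp, "big") << 2) | calculate_parity(otp)
    return [(value >> shift) & 0x7FF for shift in range(55, -1, -11)]

def challenge(seed, sequence, hash_name="md5"):
    """Format a challenge as otp-<hash> <sequence> <seed>."""
    return "otp-%s %d %s" % (hash_name, sequence, seed)

if __name__ == "__main__":
    # RFC 2289 Appendix C test vector (MD5): pass-phrase "This is a test.", seed "TeSt"
    otp = generate_otp("TeSt", "This is a test.", 0)
    print(challenge("test", 0), otp.hex().upper(), word_indices(otp))
```

A phrase decoder performs the reverse of `word_indices`: it recomputes the parity over the recovered 64 bits and rejects the phrase when the low two bits do not match.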