Open Source One Time Passwords - A good Idea?
Posted: Sun Jul 26, 2009 8:03 am
I am trying to get an open source project off the ground for One Time Passwords to provide two factor authentication for sensitive web sites or for admin access to website back end. These are in the form of key fobs with a button and LCD screen on them. Inside they have a real time clock and encryption engine. When you press the button it takes the time and date and encrypts it with the private jey of that fob. This cypher is then typed into a auth page on the server together with the normal username and password.
I want to make an open source version of this with PHP for the server side, so the coder can simply use an OpenOTP.php function something like this;
I was just wondering if anyone has used any of the commercial OTP devices and how that panned out and if they feel that one which can be implemented using an open source php function would be quicker, easier, desirable or non of the above and a bit of a waste of time?
Bob.
I want to make an open source version of this with PHP for the server side, so the coder can simply use an OpenOTP.php function something like this;
Code: Select all
function OpenOTP($cypher,$private_key,$expected_drift)
{
// authentication code in PHP here
// returns array of;
// ret_array[0] = 0 or 1 success or failure
// ret_array[1] = drift of the key fob clock in secs which can be stored and used in $expected_drift next time
}
Bob.