On Wed, Feb 20, 2002 at 10:42:49PM +0100, Daniel Beuchler wrote:
>
> >>Well, that's the trick, isn't it? ;-)
> That's it - Really ;-)
>
> >>It will work, but you'll need to do one of two things:
> Hmm I question myself how you tested the implementation ;)

Their previous generation of token cards can be programmed without the initializer. The cryptoadmin software gives you the instructions in a dialog box (you set an option "manual initialization" or something). However, I don't believe you can buy these cards anymore. I can mail you one or two if you want, send me a personal reply if interested.

But just to test the implementation, you need only use crcalc. One use of a program like that (I've done this in the past) is for automated plaintext logins (say downloading router configs). Rather than send a static password in the clear, your script generates the next OTP. You still have a secret that has to be kept in the clear, but at least the secret doesn't go over the wire, so you need only worry about the security of the host the script runs on. Nowadays, that's more easily taken care of with ssh and RSA auth, if the device supports it.

> >>- Figure out how cryptoadmin encrypts the keys stored in its database.
> >>  Cryptoadmin can be downloaded free from www.cryptocard.com.
> I think they do have mysql support on Linux ... perhaps there's a way to
> get the keys easily

I'm sure there is. You *might* even be able to send a note to cryptocard and just ask them how it's saved in the db. Dunno how forthcoming they will be ... probably depends on how many tokens you want to buy. ;-)

/fc