Subject: Re: what is /etc/skeykeys?
To: Roger Brown <rogerhb@xtra.co.nz>
From: John Valdes <valdes@macavity.uchicago.edu>
List: port-mac68k
Date: 10/15/1999 22:50:01
> So what is "/etc/skeykeys"

/etc/skeykeys is part of the S/Key one-time password (OTP) system used
on NetBSD.

As the name suggests, OTP systems use single-use passwords for
authentication.  Without going into too much detail (see RFC 2289,
http://www.cis.ohio-state.edu/htbin/rfc/rfc2289.html for the full
scoop, or "man skey" for a quick overview), an OTP system requires
that you supply a new password each time you need to authenticate to
the system (eg, login).  This is to prevent attacks using passwords
captured by, eg, ethernet sniffers.  With the traditional, reusable
password scheme, such as normal Unix account passwords, if one's
username and password are observed by an ethernet sniffer when one
logs into a computer over an insecure network (such as when one uses
telnet or ftp), the observer can then reuse the name and password
himself to gain access to the system.  With an OTP system, a password
is valid only for one authentication; it can still be observed over
the network by a sniffer, but only when it is being used.  However,
since it's captured only after it's been used, it is no longer valid,
so as a result, the captured password can't be reused by the observer
to gain access to the system.

The single-use passwords used in an OTP system are actually part of a
sequence.  The first time you log in (authenticate), you'll be asked
to supply password N.  The next time, you'll be asked for password
N-1, then N-2, and so on.  The sequence is initialized by combining a
secret passphrase known only to you with a unique string (called the
"seed") given to you by the system to which you are authenticating (by
combining your passphrase w/ a seed, this allows you to use the same
passphrase with multiple systems/accounts, since each of these will
have its own unique seed).  The combined passphrase and seed is then
passed through a hash function (MD4, MD5 or SHA-1) N times to generate
the Nth password.  The hash functions are chosen so that they are
difficult if not impossible to invert; that is, given password N, it
is (nearly?) impossible to figure out what password N-1 is.  On the
other hand, given password N-1, it is trivial to figure out password
N; just apply the hash function one time to password N-1.

This last property is how an OTP system can authenticate you w/o
knowing your secret passphrase.  It stores password N from your last
successful login (or from when you initialize yourself to the system)
in a file (/etc/skeykeys, in NetBSD; you knew I was going to get back
to the file at some point... ;) ).  When you next log in, it will look
in /etc/skeykeys to determine the sequence number of your last
password N, and then prompt you to enter the next password in the
sequence, N-1.  It will then apply the hash function once to the
password you provide, and if it matches what it has stored in
/etc/skeykeys, it will then store password N-1 in /etc/skeykeys and
let you in.  The hash functions are also chosen so that no two
distinct values yield the same hash (eg, MD5("foo") and MD5("fop")
will give completely different values), so as a result, the system can
be reasonably assured that no two distinct passphrases can give rise
to the same sequence of passwords.

The output of the hash function is just a 64-bit integer, so to make
it easier to remember and type at a login prompt, this integer is
usually converted to 6 short English words using a standard
dictionary.  As a result, typical one-time passwords look like "SALE
SET AMY COMA COLT NIP".  A typical login exchange using OTP will look
something like this:

  prompt> telnet securehost
  ...
  login: username
  s/key 123 se12345
  Password: SALE SET AMY COMA COLT NIP
  Last login...

The system prompts you for your login: name as usual.  After entering
it, the system looks it up in /etc/skeykeys, and if it finds an entry
in there for this login name, it will display the sequence number-1
that it finds (123) and seed (se12345).  You would then take this
sequence number and seed and figure out the appropriate password
(response).  You figure this out by either having a pre-printed list
of passwords, or more commonly, using a program on a local, secure
computer (the computer you're telnet'ing from or a handheld device) to
compute the appropriate password (an "OTP calculator"; you give it the
sequence number, the seed, and your secret passphrase (you have to
tell it what hash to use too), and it calculates the right password).
After entering the OTP, the system then runs it through the hash
function, and if it matches what's stored in /etc/skeykeys, it lets
you in.

OK, so maybe I did go into a bit of detail... :)  OTP is just one
method to securely authenticate to a system; there are others (eg,
SSH, Kerberos).

This probably isn't the right list to ask, but while I'm on the
subject of OTP (aka S/Key), is anyone working on S/Key for NetBSD?
The current system is pretty old, and actually isn't completely inline
w/ the current draft of the standard (RFC 2289).  I hate to make such
comparisons, :) but the OTP implementation in OpenBSD is more
up-to-date, and would probably be trivial to fold into NetBSD.

Now back to your questions: :)

, mine is zero length, and if I delete it gets
> recreated at a new login.
> So is this a hangover from the shell, 'telnetd' or 'getty'. 

It's probably being created by login (which both telnetd & getty exec
when logging you in).  ftpd, rlogind and others will probably create
this as well (s/key is implemented as a shared library on NetBSD, so
anything that's linked against it makes use of s/key and hence this
file).

> Who uses this file?

See above.  Without looking at the source (the best place to find your
answers, btw :) ), I'd guess that login (via libskey), does an open()
on /etc/skeykeys w/ read/write access (read so it can lookup the
username, write so that it can update any entry if necessary).

> Why is it open twice?
> Why is it there no fcntl(fd,F_SETFD,1) so that it gets closed on 'exec' of
> the user program?

Don't know.

John

-------------------------------------------------------------------------
John Valdes                        Department of Astronomy & Astrophysics
j-valdes@uchicago.edu                               University of Chicago