obov v1.1.0 released
by ricardoz on Aug.04, 2008, under Security
A new version of obov is available for download. Some nice new features were added:
- Methods to generate passwords using the HMAC-SHA1 algorithm
- A handy utility method to generate secret keys (seeds) based on any given string
Go get it!
July 10th, 2009 on 8:07 am
I’ve got a working setup which might be of interest to others.
I’m using a ZyXEL hardware token. You find the details here: http://www.zyxel.com/web/product_family_detail.php?PC1indexflag=20040908175941&CategoryGroupNo=96C9CDE6-F2AA-4D84-9D62-311A7CCD996C
They are shipped with a CD containing the seeds. Look for a file called data01.sql located in ASAS\import.
Using the following parameters you should get the token running together with oboc in just a few minutes:
* secret = the seed you found in data01.sql next to your token’s ESN id within the insert into the table OTP
* codeDigits = 6
* addChecksum = false
* truncationOffset = 16 (this enforces dynamic truncation)
The token is event based. This means that the moving factor (or counter) is increased every time you push the button to get a new password. You can use resyncMovingFactor if you don’t know the counter of your token.
The ZyXEL tokens come from Authenex and are identical with their A-Key 3600 token. Though, I don’t know how they supply the seeds in the same way. See http://www.authenex.com/authenex-products/akey-token-3600.html