Spartan Java

obov v1.1.0 released

by on Aug.04, 2008, under Security

A new version of obov is available for download. Some nice new features were added:

  • Methods to generate passwords using the HMAC-SHA1 algorithm
  • A handy utility method to generate secret keys (seeds) based on any given string

Go get it!

:, , , , ,

1 Comment for this entry

  • Simon

    I’ve got a working setup which might be of interest to others.

    I’m using a ZyXEL hardware token. You find the details here: http://www.zyxel.com/web/product_family_detail.php?PC1indexflag=20040908175941&CategoryGroupNo=96C9CDE6-F2AA-4D84-9D62-311A7CCD996C

    They are shipped with a CD containing the seeds. Look for a file called data01.sql located in ASAS\import.

    Using the following parameters you should get the token running together with oboc in just a few minutes:
    * secret = the seed you found in data01.sql next to your token’s ESN id within the insert into the table OTP
    * codeDigits = 6
    * addChecksum = false
    * truncationOffset = 16 (this enforces dynamic truncation)

    The token is event based. This means that the moving factor (or counter) is increased every time you push the button to get a new password. You can use resyncMovingFactor if you don’t know the counter of your token.

    The ZyXEL tokens come from Authenex and are identical with their A-Key 3600 token. Though, I don’t know how they supply the seeds in the same way. See http://www.authenex.com/authenex-products/akey-token-3600.html

Leave a Reply

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Visit our friends!

A few highly recommended friends...