checkpw, makepw, genpw

create and verify single-use passwords

usage:
makepw encrypted_passwd_file
checkpw encrypted_passwd_file
genpw encrypted_passwd_file #_of_passwords

checkpw queries the user for a password, and checks it by encrypting it with the two-character salt stored in the first entry of the specified password file. If the result of the encryption matches the entry in the password file, then that entry is removed (thus disabling the current password and enabling the new one), and a shell is started. checkpw can be used in the .login file in order to require a single-use password for all logins from outside the home domain:

who am i | egrep -is `cat /etc/defaultdomain`; if ($status != 0) exec checkpw .pw

In this example, .pw is the name of the password file in the user's home directory.

makepw accepts a list of passwords from the standard input, and saves a corresponding list of encrypted passwords in the specified file. genpw is like makepw except that it generates random strings as passwords instead of accepting them from the user. This list of generated passwords is then printed on the default printer. Since genpw uses makepw, be sure to have makepw in your shell's search path when using this program.

This is not a sophisticated program. It is primarily a defence against attacks by packet sniffers, which detect passwords as they travel unencrypted across the network from client to host. Using this scheme, the single-use password can still be sniffed, but it's no use to the bad guy because as soon as it's used it expires. Because this program is not intended to be a defence against attacks by cracking, that is, by guessing passwords or by breaking encryption, the encryption system used---DES---is not the most sophisticated. In addition, the method of selecting the DES salt could be improved; the salt currently has a nonuniform distribution.
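
The make/check/replay cycle described above, as an added Python example that is not the original programs' source. It assumes one encrypted entry per line with the two-character salt as the entry's first two characters, uses salted SHA-256 as a stand-in for DES crypt(3), and draws the salt uniformly; the function names mirror the programs but the code is illustrative.

```python
import hashlib
import os
import secrets
import string
import tempfile

ALPHABET = string.ascii_letters + string.digits + "./"  # crypt(3) salt alphabet


def encrypt(password: str, salt: str) -> str:
    """Stand-in for crypt(3): the 2-char salt is stored in front of the hash."""
    return salt + hashlib.sha256((salt + password).encode()).hexdigest()


def makepw(passwords, path):
    """Write one encrypted entry per line, each under a uniformly chosen salt."""
    with open(path, "w") as f:
        for pw in passwords:
            salt = "".join(secrets.choice(ALPHABET) for _ in range(2))
            f.write(encrypt(pw, salt) + "\n")


def checkpw(candidate: str, path: str) -> bool:
    """Check against the first entry only; on a match, consume it via atomic rename."""
    with open(path) as f:
        entries = f.read().split()
    if not entries:                      # list exhausted: nothing can match
        return False
    current = entries[0]
    if not secrets.compare_digest(encrypt(candidate, current[:2]), current):
        return False                     # wrong guess leaves the file unchanged
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as f:
        f.writelines(e + "\n" for e in entries[1:])
    os.replace(tmp, path)                # a crash cannot leave half a list
    return True


def demo():
    """Constructed passwords: login, replay of the sniffed one, next login, empty list."""
    with tempfile.TemporaryDirectory() as d:
        pwfile = os.path.join(d, ".pw")
        makepw(["first-pass", "second-pass"], pwfile)
        tries = ["first-pass", "first-pass", "second-pass", "second-pass"]
        return [checkpw(t, pwfile) for t in tries]


if __name__ == "__main__":
    print(demo())
```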

Author: Matthew Belmonte
Copyright © 1997 by the Howard Hughes Medical Institute. May be freely distributed. User accepts liability for any and all damages arising from the use of this product, including indirect or consequential damages.

Source code: