Virtual OTP token

From SecuTech Wiki
Revision as of 05:12, 14 June 2018 by Mapril (talk | contribs)


Virtual token for testing

To create a uinf seed file for testing purposes with the Seed_portal, copy and paste the following into Notepad and save it as "something.uinf":

secu_uniotp
STES1234567|0123456789012345678901234567890123456789|0000000000|0000000000|1|2014-01-21 10:06:35|6|050|060|

For a more in-depth description, the file format is:

secu_uniotp
Serial name | secret key | counter 1 | counter 2 | token type | date last synchronized | digits | Authentication window | timestep |
Serial name | secret key | counter 1 | counter 2 | token type | date last synchronized | digits | Authentication window | timestep |
...
Serial name | secret key | counter 1 | counter 2 | token type | date last synchronized | digits | Authentication window | timestep |

For testing purposes, virtual tokens can be created this way.

  • Serial name: Unique name of the token
  • Secret key: Either 40 hex characters or 20 ASCII characters, giving a 160-bit secret key
  • Counter 1 & 2: Unsigned integers
  • Token type: 1 = HOTP/event, 2 = TOTP/time, 3 = OCRA/challenge and response
  • Date last synchronized: Date and time the uinf file was last synchronized with the token itself
  • Digits: Number of digits in the OTP, typically 6 or 8
  • Authentication window: Lets the uinf file define how many OTPs ahead of the expected counter the server will attempt authentication with
    • For example, a HOTP token may have been pressed several times by accident, or a TOTP token may have drifted
  • Timestep: Divisor applied to the current Unix time for TOTP tokens

Requirements:

  • The serial name should be no longer than 13 characters, must start with a letter and end with a number.
  • Counter 1 and counter 2 can each be no greater than 4294967295 (2^32); they are concatenated to form a 2^64 counter, in case a server does not support the full 2^64 counter range.
    • Each must always be 10 characters long; pad with zeros.
  • Date last synchronized must be equal to or greater than "1970-01-01 00:00:00", as that is the start of the Unix timestamp.
  • Once a secret key format is used (either ASCII or hex), it must stay in that format for the rest of the secret keys.
    • Text editors may add extra symbols to an ASCII secret key when the file is saved as txt, so hex is recommended unless a "smart" editor is used. For example, Notepad++ with its hex editor can be used to check whether the secret key has more than 20 characters.
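As an added example (not SecuTech's own code), the following Python checker parses a uinf file against the requirements above and derives the OTPs a server would accept from the secret, counters, window and timestep. The sample records are constructed, and the ordering of the two counters inside the concatenated 64-bit value is an assumption.

```python
import hashlib, hmac, re
from datetime import datetime
UINT32_MAX = 4294967295   # per-counter limit given on the page
FIELDS = "serial key counter1 counter2 type synced digits window timestep".split()

def parse_uinf(text):   # -> list of record dicts, enforcing the page's requirements
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0] != "secu_uniotp":
        raise ValueError("missing secu_uniotp header")
    records, key_format = [], None
    for line in lines[1:]:
        parts = line.split("|")
        if len(parts) != 10 or parts[-1] != "":   # every record ends with '|'
            raise ValueError("expected nine '|'-terminated fields: " + line)
        r = dict(zip(FIELDS, parts[:9]))
        if not re.fullmatch(r"[A-Za-z][^|]{0,11}[0-9]", r["serial"]):   # <= 13 chars
            raise ValueError("bad serial name: " + r["serial"])
        fmt = ("hex" if re.fullmatch(r"[0-9A-Fa-f]{40}", r["key"])
               else "ascii" if len(r["key"]) == 20 else None)
        if fmt is None or (key_format and fmt != key_format):
            raise ValueError("key must be 40 hex or 20 ASCII chars, one format per file")
        key_format = fmt
        for c in ("counter1", "counter2"):
            if not re.fullmatch(r"[0-9]{10}", r[c]) or int(r[c]) > UINT32_MAX:
                raise ValueError(c + " must be 10 zero-padded digits <= 4294967295")
        if r["type"] not in ("1", "2", "3"):
            raise ValueError("token type must be 1, 2 or 3")
        if datetime.strptime(r["synced"], "%Y-%m-%d %H:%M:%S") < datetime(1970, 1, 1):
            raise ValueError("date last synchronized precedes the Unix epoch")
        r["secret"] = bytes.fromhex(r["key"]) if fmt == "hex" else r["key"].encode()
        records.append(r)
    return records

def hotp(secret, counter, digits):   # RFC 4226: HMAC-SHA1 + dynamic truncation
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    return str((int.from_bytes(mac[off:off + 4], "big") & 0x7FFFFFFF) % 10 ** digits).zfill(digits)

def expected_otps(record, now=0):
    """OTPs a server would accept: the expected one plus 'window' values ahead of it."""
    assert record["type"] != "3", "OCRA needs a challenge; not modelled here"
    if record["type"] == "2":   # TOTP: counter = Unix time // timestep
        base = int(now) // int(record["timestep"])
    else:   # HOTP: 64-bit counter; ASSUMPTION: counter 1 holds the high 32 bits
        base = (int(record["counter1"]) << 32) | int(record["counter2"])
    return [hotp(record["secret"], base + i, int(record["digits"]))
            for i in range(int(record["window"]) + 1)]
SAMPLE = "\n".join(["secu_uniotp",   # constructed sample; key = RFC 4226/6238 test key
    "VTHOTP000001|12345678901234567890|0000000000|0000000000|1|2014-01-21 10:06:35|6|002|060|",
    "VTTOTP000002|12345678901234567890|0000000000|0000000000|2|2014-01-21 10:06:35|8|000|030|"])
```

Because the sample key is the RFC test key, the values returned by `expected_otps` can be checked against the published RFC 4226 and RFC 6238 vectors.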

Testing virtual token

The newly created uinf/virtual token can be tested with the UniOTP seed portal; see Seed_portal for more details.