NAME
dacstoken - manage hash-based one-time password accounts
SYNOPSIS
dacstoken [dacsoptions[1]] [-all] [-base NUM] [-counter NUM] [-digits NUM]
[-disable | -enable] [-hotp-window NUM] [-inkeys item_type]
[-key keyval | -key-file filename | -key-prompt] [-mode otp-mode]
[-outkeys item_type]
[-pin pinval | -pin-file filename | -pin-prompt] [-pin-constraints STR]
[-rnd] [-seed STR] [-serial STR] [-totp-delta NUM] [-totp-drift nwindows]
[-totp-hash ALG]
[-totp-timestep secs] [-vfs vfs_uri] [op-spec] [username]
DESCRIPTION
This program is part of the DACS suite.

The dacstoken utility manages DACS accounts that are associated with one-time password (OTP) generating devices (tokens) or with software-based clients. Using command line options, it computes OTP values; token account parameters can be overridden, and an account is not even required for that.

Strong two-factor authentication can be provided when dacs_authenticate[2] is configured to use the local_token_authenticate[3] authentication module, for which dacstoken serves as the stand-alone program that validates passwords. The HMAC-based one-time password mode (HOTP), which is based on an event counter, RFC 4226[4], and the time-based one-time password mode (TOTP), a recent IETF Internet-Draft[5] proposal, are supported. A new operational mode[6], OCRA (the OATH Challenge-Response Algorithm), described in an IETF Internet-Draft, is not yet fully supported.

Note
This version of dacstoken incorporates many changes that are not backward compatible with releases prior to 1.4.24a. The functionality of some command line flags differs, and the format of the account file has changed. If you have used this command before, make a backup copy of the token account file and read this manual page carefully before proceeding (see the -convert flag[7] in particular).

Important
Vendor-supplied software is not required; dacstoken provides this functionality itself. For the currently supported devices, no registration or configuration handshake with the vendor is needed, and dacstoken does not interact with the vendor's servers or with any proprietary software. Vendor-supplied software may be required to initialize or configure other token devices, however, and dacstoken does not currently provide any such support.

Normally, each token device corresponds to exactly one account managed by dacstoken, although some vendors have produced tokens that can support multiple accounts.

In summary, this utility:
· creates and manages DACS accounts associated with counter-based and time-based one-time passwords;
· provides validation and testing capabilities;
· provides a command line authentication capability.

Security
Only a DACS administrator should run this program from the command line. Because the DACS keys and configuration files (including the file used to store accounts) must be restricted to the administrator, this is normally the case; a careful administrator sets file permissions so that all other users are denied access to these files.

Note
The dacs_token(8)[8] web service provides a limited self-service capability that lets users set or reset an account's PIN and synchronize a token. It also has a demonstration mode that simplifies testing and evaluation.
PIN (Account Password)
A dacstoken account can optionally have a PIN (password) associated with it. To authenticate against such an account, a user must provide the generated one-time password together with the PIN. The TOKEN_REQUIRES_PIN[9] configuration directive determines whether a PIN must be supplied when an account is created or imported. It does not apply in combination with the -delpin flag, because only an administrator should be able to perform that operation.

Rather than the PIN itself, a hash of the PIN is stored in the account record. The same method used by dacspasswd(1)[10] and dacs_passwd(8)[11] is applied, and the PASSWORD_DIGEST[12] and PASSWORD_SALT_PREFIX[13] directives are in effect. If PASSWORD_DIGEST[12] is configured, that algorithm is used; otherwise the compile-time default (SHA1) is used. If a user forgets a PIN, the old PIN cannot be recovered, so it must be deleted or a new one must be set.

Some token devices have a built-in PIN capability: the user must enter a PIN into the device before it will emit a one-time password. This "device PIN" is completely distinct from the account PIN managed by dacstoken, and this manual page concerns only the dacstoken PIN. If possible, a device PIN should always be used as well.

A dacstoken PIN is not required for two-factor authentication, but it is strongly recommended (unless an additional authentication factor is applied in some other way).

Because this command can only be run by an administrator, no limit is placed on the length or quality of the PIN that an administrator supplies. A warning message is issued, however, if the password is judged to be weak according to the PASSWORD_CONSTRAINTS[14] directive.
One-time Passwords
Both types of one-time password device compute a password value using a secure, keyed hash algorithm (RFC 2104[15], FIPS 198[16]). In the counter-based method, the device and the server share a secret key and a counter value, which are hashed to produce a numeric value that is displayed in a particular base with a particular number of digits. For authentication to succeed, the device and the server must compute matching passwords. Each time the device generates a password, it increments its counter; when the server receives a matching password, it increments its own counter. Because the two counters can fall out of synchronization, the server's matching algorithm usually allows the client's password to fall within a "window" of counter values. The time-based method is similar; the main difference is that the current Unix time (as returned by time(3)[17], for example) is used to establish a time step window that serves as the counter value in the secure hash computation. Because the real-time clocks of the device and the server may not be perfectly synchronized, the server's matching algorithm allows the client's password to fall within a window of several time steps of the device's.

Security
A token is assigned a persistent secret key (sometimes called the OTP seed) that is either configured by the manufacturer or is programmable. Because this secret key is an essential part of the token's password generation procedure, it is essential that it be kept secret. For tokens that are not programmable, the key is obtained from the token's vendor (typically, for HOTP tokens, by providing the device's serial number and two consecutive passwords). Records that map serial numbers to secret keys must be kept in a secure place. If the secret key is programmable (as it is with software clients), it should be at least 128 bits long; a minimum of 160 bits is recommended. The key is represented as a hexadecimal string 16 characters (or more) in length. Keys must be obtained from a cryptographic-quality source of randomness. Some clients can generate suitable keys, but dacsexpr(1)[18] can also be used:

% dacsexpr -e "random(string, 20)"
"bb2504780e8075a49bd88891b228fc7216ac18d9"
Tip
Tokens can also be used for authentication purposes other than computer sign-on. For example, by providing an account number, PIN, and token value, a customer could be quickly authenticated over the telephone, reducing or eliminating the need for costly, time-consuming security questions.

One-time password devices and applications have the following operational parameters. These parameters determine the sequence of passwords that is generated. Some of the operational parameters may be fixed (by the relevant standard or by the implementation), while others may be partially or fully configurable by the user. Refer to the references and to the manufacturer's documentation for details.

base
The base (radix) in which passwords are displayed.
counter
For HOTP mode only, the current counter value.
digits
The number of digits in each one-time password.
key
The secret key (OTP seed).
serial number
A unique identifier or name for the device.
timestep size
For TOTP mode only, the width, in seconds, of each time interval. Each password is generated within a given interval; in other words, this is the "lifetime" or validity period of each TOTP password.

In addition to these parameters, dacstoken uses several per-account (that is, per-device) parameters:

accept window
When validating an HOTP password, the maximum number of passwords after the expected one that are considered.
drift
For TOTP mode only, the number of seconds by which the server's clock is adjusted forward or backward to improve synchronization with the device. This compensates for a token or client software whose clock is not well synchronized with the server's.
drift window
For TOTP mode only, and similar to the accept window, the number of intervals (each of timestep size) searched before and after the current time when validating a given password.
sync-window
For HOTP mode only, the number of consecutive one-time passwords required to synchronize an account with a device.
username
The name of the DACS account that is bound to the device.
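The following Python is an added example written for this page; it is not part of DACS or dacstoken. It reimplements the HOTP and TOTP computations just described together with the per-account searches above (the accept window, the drift window with a drift correction, and the sync-window resynchronization that the -sync operation performs), and its hotp_show function prints in the format of the -hotp-show listing in the EXAMPLES section. The sample key is the RFC 4226/RFC 6238 test key written in the hexadecimal form dacstoken uses; the example assumes that dacstoken decodes that hexadecimal string into raw key bytes.

```python
import hashlib
import hmac
import struct

# Constructed sample key: the RFC 4226 / RFC 6238 test key, i.e. the ASCII
# string "12345678901234567890", written as the hexadecimal string form
# that dacstoken takes on the command line (-key) and in import records (k=).
SAMPLE_KEY_HEX = "3132333435363738393031323334353637383930"


def key_bytes(key_hex):
    """Decode a hexadecimal key string into raw key bytes (assumption of this
    example: this is how dacstoken interprets its -key argument)."""
    return bytes.fromhex(key_hex)


def hotp(key, counter, digits=6, alg=hashlib.sha1):
    """RFC 4226: HMAC over the 8-byte big-endian counter, dynamic truncation
    to a 31-bit value, then the low `digits` decimal digits, zero-padded."""
    mac = hmac.new(key, struct.pack(">Q", counter), alg).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key, unix_time, timestep=30, digits=8, alg=hashlib.sha1, drift=0, delta=0):
    """RFC 6238: the counter is the time-step index of (unix_time + drift),
    shifted by `delta` whole steps (the -totp-delta style adjustment)."""
    step = (unix_time + drift) // timestep + delta
    return hotp(key, step, digits, alg)


def hotp_show(key_hex, counter, n, digits=6):
    """Lines in the format of the -hotp-show listing: the counter as 16 hex
    digits, a colon, then the password for that counter."""
    key = key_bytes(key_hex)
    return ["%016x: %s" % (c, hotp(key, c, digits)) for c in range(counter, counter + n)]


def verify_hotp(key, otp, counter, window, digits=6):
    """Accept window (-hotp-window): try the expected counter and the next
    `window` counters. Returns the counter the server should store next
    (one past the match), or None if nothing matched."""
    for c in range(counter, counter + window + 1):
        if hmac.compare_digest(hotp(key, c, digits), otp):
            return c + 1
    return None


def verify_totp(key, otp, unix_time, nwindows, timestep=30, digits=8, drift=0):
    """Drift window (-totp-drift): try the current interval and `nwindows`
    intervals on either side, after applying the per-account drift in
    seconds. Returns the matching step offset, or None."""
    for d in range(-nwindows, nwindows + 1):
        if hmac.compare_digest(totp(key, unix_time, timestep, digits, drift=drift, delta=d), otp):
            return d
    return None


def resync_hotp(key, password_list, start_counter, max_search=10000, digits=6):
    """The -sync search: starting at the server's stored counter, look for the
    first counter at which the comma-separated consecutive passwords all
    appear in order. Returns the counter to store next (one past the last
    matched password), or None when the bounded search fails."""
    wanted = password_list.split(",")
    if len(wanted) < 2:
        raise ValueError("-sync needs at least two consecutive passwords")
    for c in range(start_counter, start_counter + max_search):
        if all(hotp(key, c + i, digits) == w for i, w in enumerate(wanted)):
            return c + len(wanted)
    return None


if __name__ == "__main__":
    key = key_bytes(SAMPLE_KEY_HEX)
    print("\n".join(hotp_show(SAMPLE_KEY_HEX, 0, 3)))
    # A server that stored counter 0 receives the password for counter 2:
    # accepted within a window of 5, rejected with no window at all.
    print(verify_hotp(key, hotp(key, 2), 0, 5), verify_hotp(key, hotp(key, 2), 0, 0))
    # Resynchronize from three consecutive passwords the token produced.
    print(resync_hotp(key, ",".join(hotp(key, c) for c in (7, 8, 9)), 0))
```

The comparisons use hmac.compare_digest so that a mismatching password costs the same time as a matching one; the resynchronization search is bounded by max_search, which plays the role of the compile-time limit the -sync description mentions.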
Authentication based on one-time password devices has the following benefits:
· A different password is generated each time the user authenticates (with high probability); users therefore do not need to write a password down, since it is always changing, and a user cannot forget his password;
· Once used, a password in HOTP mode is immediately "consumed" and is unlikely to be used again for a long time; with suitable configuration parameters, a password in TOTP mode automatically "expires" after a relatively short time interval and is unlikely to be used again for a long time;
· If no clock drift correction is required, operations on an account in TOTP mode can be read-only;
· Passwords are unlikely to be easily guessed numeric strings, so they are stronger than most user-chosen passwords;
· HOTP tokens can form the basis of a mutual ("two-way") authentication method: the server displays the token's next password to the user to prove its identity (both parties advance their counters), then the client shows the server the next password to prove his identity;
· A keystroke logger installed on the user's computer is foiled, since sniffed passwords are of no use to an attacker unless something like a man-in-the-middle attack[19] is possible; given N consecutive passwords, it remains extremely difficult to compute password N + 1 without knowing the secret key;
· It is more difficult for users to share accounts (although users may sometimes consider this an inconvenience);
· If a dacstoken PIN is assigned to the account, an attacker who obtains the account's token will still have difficulty authenticating without knowing the PIN;
· A quick and effective way to disable an account is simply to confiscate its hardware token (e.g., if an employee is dismissed), or to use this program or a revocation list[20];
· For software clients that run on mobile devices such as phones or PDAs, the user is already carrying the device; free clients are available, so there may be no additional cost (note, however, that mobile devices may not offer the same tamper resistance, durability, key secrecy, clock accuracy, and so on as hardware tokens).

One-time password devices have the following potential drawbacks:
· There is a one-time cost for hardware tokens (depending on the quantity purchased, expect to pay roughly $10 to $100), plus the cost of replacing lost or broken tokens or token batteries (some units have non-replaceable batteries and become disposable after a few years);
· Initial set-up is more difficult than with some other authentication methods, and users who are unfamiliar with the devices must be shown how to use them;
· Although usually very small (e.g., 5cm x 2cm x 1cm) and carried on a keychain or strap or in a wallet, users may be irked by having to carry the token with them;
· Users can forget to bring their token, or lose it;
· Mobile devices (including software clients) are probably more likely to be the target of theft than hardware tokens (which makes the device's PIN even more important);
· Unlike hardware tokens that have the key burned in and inaccessible, preventing it from being read out, the key configured into a software client can be read from its memory by the owner, making it possible to share accounts;
· Entering a seed value of 40 or more characters into a mobile device can be irritating and error-prone;
· Once a TOTP device has generated a password, a new password is not available until the next time step window, so the user may have to wait 30 (or sometimes 60) seconds (e.g., after a typing error);
· Some devices are difficult to read in dim places; elderly users and users with impaired vision may have difficulty reading the display.
Accounts
Accounts managed by dacstoken are completely separate from the accounts used by local_passwd_authenticate[21] or any other DACS authentication module.

Accounts for HOTP and TOTP devices may be kept combined or separate. If the virtual filestore item type auth_hotp_token is defined, it is used only for accounts associated with HOTP tokens. Similarly, if the virtual filestore item type auth_totp_token is defined, it is used only for accounts associated with TOTP tokens. If neither item type is defined, accounts are accessed through DACS's virtual filestore using item type auth_token. File access permissions on the account database should restrict all access to the administrator and to local_token_authenticate.

If the accounts of the two device types are combined and an individual has tokens of both types, the authentication methods must be assigned different usernames. For example, suppose Auggie has one HOTP token and one TOTP token; the former might correspond to the username auggie-hotp and the latter to auggie-totp. The sign-on form might include a device mode input that lets Auggie type only "auggie" in the username field while JavaScript automatically appends the appropriate suffix based on the selected device mode. An obvious disadvantage of this configuration is that it results in two different DACS identities for the same individual; if access control rules need to identify Auggie, they must remember to do so explicitly. If both tokens should map to the same DACS identity, the Auth clause can strip the suffix after successful authentication, but administrators must then remain aware of the two different Auggie cases, each using a different device type.

Configuring both the auth_hotp_token and auth_totp_token item types (or just one of them together with auth_token) keeps the accounts separate and allows the same username to be used for both types of device. Auggie can then have account records with the same username for both device types. With this approach, the device mode must be specified in requests for operations so that the correct item type can be used; this implies that users must know which type of device they are using (perhaps by labelling the devices).

See the important details about DACS identities[22].

The -vfs flag can be used to configure or reconfigure the auth_token item type. Only keys that meet the minimum key length requirement (16 bytes) can be saved with account information (e.g., by -set or -import). In other contexts the requirement is not enforced.

When a secret key is written to the dacstoken account file, it is encrypted. The virtual filestore item type auth_token_keys identifies the encryption keys that dacstoken uses; the -inkeys and -outkeys flags specify alternatives (see dacskey(1)[23]). If the encryption keys are lost, the secret keys are effectively unrecoverable.

Important
If an attacker discovers a secret key, generating passwords that can be used against the token is not difficult. On at least some hardware tokens, the key is burned into the device and cannot be changed; in that case, if the key leaks, the device must be destroyed. If a token is lost, the corresponding account should be disabled. Should an attacker find a lost token or discover a secret key, a strong PIN associated with the account makes it harder for the attacker to gain access.

Important
· This authentication method has been tested against the following OTP products:
· Authenex A-Key 3600[24] one-time password (HOTP) hardware tokens;
· Feitian Technologies[25] OTP C100 and OTP C200 one-time password hardware tokens, supplied by Cyber-Secure Information Systems[26]; and
· OATH Token[27], a software application by Archie Cobbs that implements both HOTP and TOTP on the iPod touch, iPhone, and iPad[28].
· Feitian Technologies' iAuth Lite[29], an HOTP software application for the iPod touch, iPhone, and iPad.
Other manufacturers interested in having their products supported by DACS are welcome to contact DSS.
· Photo[30]: a Feitian OTP C200, an iPod Touch running the OATH Token app, and an Authenex A-Key 3600 (clockwise from bottom left).
· This implementation ought to work with similar, conforming products, but those products have not been tested with DACS.
· Hardware tokens can be purchased directly from the vendors.
· Problems authenticating with tokens in DACS are not the responsibility of the token vendors.
Importing and Exporting OTP Accounts
Descriptions of accounts and their tokens can be loaded or dumped (the -import and -export flags). This simplifies bulk provisioning, backup, and portability. Account information is described in a simple, application-specific (pseudo-)XML format understood by dacstoken. It consists of a root element ("otp_tokens") followed by zero or more "otp_token" elements, one per line, each with the required and optional attributes described below. The XML declaration must be omitted. Leading whitespace and blank lines are ignored, as are single-line XML comments. Lines whose first non-whitespace character is "#" are also ignored. Any optional attribute that is not present is assigned its default value. The default digest algorithm is SHA1. Short attribute names are used to save space. Unrecognized attributes and device modes are ignored. A single or double quote (or both) within an XML attribute value must be replaced by the corresponding entity reference ("&apos;" and "&quot;", respectively), as must the "<" (less than) and "&" (ampersand) characters. A ">" (greater than) character may optionally be replaced by the "&gt;" sequence, but no other entity references are recognized.

The recognized attributes are:
· b: base -- the base of the OTP value [optional: 10 (default), 16, or 32]
· c: counter -- the current counter value for HOTP, hexadecimal if prefixed by "0x" (or "0X"), otherwise decimal [optional: default is 0]
· d: OTP device mode -- "c" (for HOTP) or "t" (for TOTP) [required]
· dn: digest name -- one of the secure hash algorithms [optional: SHA1 (default), SHA224, SHA256, SHA384, SHA512]
· dr: clock drift -- the clock adjustment for TOTP, in seconds [optional]
· ek: encrypted key -- the encrypted secret key, base-64 encoded [required: OTP account records only]
· en: enabled state -- 1 for enabled, 0 for disabled [required]
· k: plaintext key -- the unencrypted secret key [required]
· lu: last update -- the Unix time of the last record update [optional: default is the current time]
· nd: ndigits -- the number of digits in the OTP value [optional: default is 6 for HOTP, 8 for TOTP]
· p: plaintext PIN -- the plaintext PIN value for the account [required unless ph is present; import only]
· ph: hashed PIN -- the hashed PIN value for the account [optional: generated by dacstoken; export and OTP account file only]
· s: serial number -- a unique identifying string for the device [required]
· ts: timestep -- the timestep value for TOTP, in seconds [optional: default is 30]
· u: username -- the valid DACS username associated with this account [required]

The following is an example (see the -import flag):

Security
Because imported records contain the unencrypted secret key of an OTP device, exported files should be kept encrypted (using openssl, for instance) or at least be given appropriate file permissions.

Note
A standard format for OTP device provisioning is being developed. That format may be understood by a future version of dacstoken, or a conversion utility may be written. The standard format is likely to be considerably more complicated than the DACS format, so it may be possible to downgrade it to the DACS format.
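As an added example of the import format just described (written for this page; it is not dacstoken's own parser), the following Python reads the one-element-per-line pseudo-XML, applies the comment, whitespace and entity rules, checks the required attributes, and fills in the documented defaults. The sample records are constructed for the example: the bobo record reuses the serial number and key from this page's EXAMPLES section, and the "PLACEHOLDER-HASHED-PIN" value stands in for a dacstoken-generated hash, whose format the page does not show.

```python
import re
import time

# The format is one otp_token element per line with no XML declaration and
# only single-line comments, so a line-oriented parser suffices; a general
# XML parser is deliberately not used.
_ATTR_RE = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|\'([^\']*)\')')
_ENTITIES = {"amp": "&", "lt": "<", "gt": ">", "quot": '"', "apos": "'"}
_REQUIRED = ("d", "en", "k", "s", "u")
_MODES = {"c": "hotp", "t": "totp"}

# Constructed sample import file (not from any real deployment).
SAMPLE_IMPORT = """\
<otp_tokens>
# Constructed sample records for this example.
<!-- An HOTP token for bobo; the counter is given in hexadecimal. -->
<otp_token d="c" u="bobo" s="37000752" k="19c0a3519a89b4a8034c5b9306db" c="0x0a" en="1" p="Cz&amp;Ay"/>

  <otp_token d="t" u="alice" s="sw-alice-phone" k="3132333435363738393031323334353637383930" en="0" ph="PLACEHOLDER-HASHED-PIN"/>
<otp_token d="x" u="nobody" s="0" k="00" en="1" p="x"/>
</otp_tokens>
"""


def decode_entities(value):
    """Expand the five entity references the format recognizes; any other
    reference is an error, as the page specifies."""
    def repl(m):
        name = m.group(1)
        if name not in _ENTITIES:
            raise ValueError("unrecognized entity reference &%s;" % name)
        return _ENTITIES[name]
    return re.sub(r"&(\w+);", repl, value)


def parse_counter(value):
    # A "0x"/"0X" prefix means hexadecimal, otherwise decimal.
    return int(value, 16) if value[:2].lower() == "0x" else int(value, 10)


def parse_otp_token(attrs, now):
    """Check required attributes and apply the documented defaults to one
    element. Returns None for an unrecognized device mode (ignored)."""
    for name in _REQUIRED:
        if name not in attrs:
            raise ValueError("missing required attribute %r" % name)
    mode = _MODES.get(attrs["d"])
    if mode is None:
        return None
    if "p" not in attrs and "ph" not in attrs:
        raise ValueError("a PIN is required: give p or ph")
    if attrs["en"] not in ("0", "1"):
        raise ValueError("en must be 0 or 1")
    key = attrs["k"]
    if not re.fullmatch(r"[0-9A-Fa-f]+", key) or len(key) % 2:
        raise ValueError("k must be a hexadecimal string")
    base = int(attrs.get("b", "10"))
    if base not in (10, 16, 32):
        raise ValueError("b must be 10, 16 or 32")
    return {
        "mode": mode,
        "u": attrs["u"],
        "s": attrs["s"],
        "k": key.lower(),
        "en": attrs["en"] == "1",
        "b": base,
        "c": parse_counter(attrs.get("c", "0")) if mode == "hotp" else None,
        "dn": attrs.get("dn", "SHA1").upper(),
        "nd": int(attrs.get("nd", "6" if mode == "hotp" else "8")),
        "ts": int(attrs.get("ts", "30")) if mode == "totp" else None,
        "dr": int(attrs.get("dr", "0")) if mode == "totp" else None,
        "lu": int(attrs.get("lu", now)),
        "p": attrs.get("p"),
        "ph": attrs.get("ph"),
    }


def parse_otp_tokens(text, now=None):
    """Parse a whole import file and return the list of account records."""
    now = int(time.time()) if now is None else now
    records, seen_root = [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or (line.startswith("<!--") and line.endswith("-->")):
            continue
        if line == "<otp_tokens>":
            seen_root = True
            continue
        if line == "</otp_tokens>":
            break
        m = re.fullmatch(r"<otp_token\b(.*?)/>", line)
        if not seen_root or m is None:
            raise ValueError("line %d: unexpected input: %s" % (lineno, line))
        attrs = {name: decode_entities(dq if dq else sq) for name, dq, sq in _ATTR_RE.findall(m.group(1))}
        rec = parse_otp_token(attrs, now)
        if rec is not None:
            records.append(rec)
    return records


if __name__ == "__main__":
    for rec in parse_otp_tokens(SAMPLE_IMPORT):
        print(rec["mode"], rec["u"], rec["s"], "enabled" if rec["en"] else "disabled", rec["nd"], "digits")
```

A real import would then hash the "p" value and encrypt "k" before storing the record, which is why the page insists that exported files, which carry the plaintext key, be kept encrypted.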
OPTIONS
In addition to the standard dacsoptions[1], the following long list of command line flags is recognized. If username is given, the default values associated with that account are used; otherwise, recommended or implementation-specific defaults are used. These default values can usually be overridden on the command line. Some flags are specific to a particular token mode (e.g., -counter, -hotp-show), and their appearance implies that mode, so the -mode flag is unnecessary. Other flags are mode-independent (e.g., -delete, -enable). Using a combination of mutually incompatible flags is an error. Flags that are meaningless for the selected operation are ignored, but they still imply a mode. Hexadecimal values are case-insensitive. If a counter value is required but not specified (for example, when creating an account), an initial counter value of zero is used.

An op-spec specifies the operation to perform, together with zero or more modifier flags. If op-spec is missing, the -list operation is performed. An op-spec is one of the following:
-auth otpval
This is like -verify[31], except that:
· username is required, and all parameters (such as the key) are obtained from the account;
· if the account has a PIN, it must be provided;
· if the account is for an HOTP token, the counter is updated upon successful authentication.
An exit status of zero indicates successful authentication; any other value means that authentication failed.

-convert filename
Load a token account file in the old format (prior to release 1.4.25) from filename ("-" means read from stdin), convert it to the new format, and write it to stdout (as -export does). This flag is deprecated, and the functionality is expected to be removed in a future release of DACS.

-create
Create an account for username, which must not already exist. In other respects this behaves like -set[32]. When creating a new account, -serial is required and -key is implied. Unless the -enable flag is given when the account is created, -disable is implied. If no -counter flag is specified, the default of zero is used. If one of the PIN flags is present, the given PIN is assigned to the account; otherwise the account has no PIN (or an existing PIN is left unchanged).

-current
Display the current moving factor (that is, the counter value for HOTP or the interval value for TOTP) and the expected OTP for username. For HOTP, the counter is not advanced. All parameters are obtained from the account.

-delete
Delete the account for username. The device's secret key and its other operational parameters are lost.

-delpin
Delete the PIN for username's account, if it has one, leaving the account without a PIN.

-export
Write information about all accounts, or only about the account of username if given, to stdout. If a mode is selected, however, only accounts having that mode are written. The information is in a format suitable for -import or -import-replace. The output should be stored in encrypted form, or at least have its file permissions set appropriately. For example:

% dacstoken -uj EXAMPLE -export | openssl enc -aes-256-cbc > dacstoken-exported.enc

Later, one might do something like:

% openssl enc -d -aes-256-cbc < dacstoken-exported.enc | dacstoken -uj EXAMPLE -import -

-h
-help
Display a help message and exit.

-hotp-show NUM
Display NUM consecutive HOTP passwords from the given counter value and key. The -counter flag can be used to specify the initial counter value. The key is specified using -key, -key-file, or -key-prompt. If username is provided, the initial counter value and key are obtained from the user's HOTP account, but values on the command line override them. The account's stored counter value is not changed. This is primarily intended for debugging.

-import filename
-import-replace filename
Read account and token information from filename; if filename is "-", stdin is read. If a mode is selected, only accounts having that mode are read. With -import, it is an error if an imported account already exists, and processing stops. -import-replace replaces existing accounts with the imported data.

-l
-list
-long
If username is provided, display information about the corresponding account. If the -serial flag is given, display information about the account for the given serial number; otherwise, list all accounts. If a -mode flag is given in either of these cases, however, list only accounts having the specified mode of operation. If either flag is repeated or the -long flag is given, additional details are displayed: the device type, the account's state, the device's serial number, the counter value (for HOTP) or the clock drift value (for TOTP), whether the account has a PIN (indicated by a "+" or "-"), and the date when the account was last modified.

-rename new-username
Rename the existing account for username to new-username, then set the new account according to the command line arguments (as -set[32] does). Because this requires two steps, if an error occurs the new account may have been created while the old account continues to exist.

-set
The -set flag modifies the existing account for username based on one or more modifier arguments (-base, -counter, -digits, -disable or -enable, -key (or -key-file or -key-prompt), -pin (or -pin-file or -pin-prompt), or -serial). The mode can be changed by specifying -mode, but the mode-specific parameters associated with the account are then lost (for example, the current counter value is deleted when an HOTP account is changed to a TOTP account), while general parameters (such as the serial number) are retained unless overridden on the command line.

-sync password-list
In HOTP mode, this attempts to synchronize the server with the token of username. password-list is a comma-separated list of two or more consecutive passwords generated by the user's token (this "auto-synchronization" capability is also available from local_token_authenticate[3]). The given sequence must match the computed sequence exactly, given the operational parameters in effect; for example, leading zeroes are significant, as are the display base and the number of OTP digits. If synchronization succeeds, the user should be able to authenticate with the next password generated by the device. A brute-force search with increasing counter values is used, limited to a compile-time maximum number of computations. The search begins with the counter value currently stored on the server, or the one provided with -counter. If it fails, the operation may take a long time to terminate; the user should contact the administrator for assistance.
In TOTP mode, this attempts to determine how closely the system clock is synchronized with the token's clock and displays the result. This information can be used to correct a poorly synchronized clock or to adjust the validation parameters in the user's token record. The token's key and the name of its digest algorithm are obtained from the token record belonging to username, if it is given; otherwise the key is prompted for, and the digest algorithm to use is taken from the command line or defaulted. Only the first password in password-list is used. The -totp-timestep, -digits, and -base options are effective during this operation.

-test
Perform some self-tests, then exit. A non-zero exit status means that an error occurred.

-totp-show NUM
Display a sequence of TOTP passwords using the currently effective parameters: the interval size (-totp-timestep), the number of digits (-digits), and the base (-base). The account's stored parameters are not changed. This is mainly intended for debugging.
If username is provided (it must be associated with a TOTP device), the key and the other parameters stored with the account are used unless overridden by command line flags. The sequence of NUM passwords for the intervals before and after the current time is printed, together with the password for the current time.
If username is not given, the program prompts for a key (which is echoed) and takes the parameters from command line flags or defaults. It then emits the TOTP password for the current time each time Return/Enter is pressed, exiting immediately when EOF is entered.

-verify otpval
If otpval is the next expected one-time password, an exit status of zero indicates success; any other value indicates failure. If username is given, the parameters for validation, including the key, are obtained from that account unless overridden on the command line. Server state is not changed; for example, an HOTP counter is not advanced. If username is not given, the -mode flag must be used, and the parameters required for that mode, including the key, must be specified. For HOTP mode, a counter value must be provided. For TOTP mode, the command line parameters are effective during this validation. dacstoken tests whether otpval validates against the parameters in effect.
The following modifier flags are understood:

-all
With -set, apply changes to all accounts instead of only the account of username. This can be used, for example, to enable or disable all accounts. The -inkeys and -outkeys flags are effective. If an error occurs, processing stops immediately; some accounts may already have been modified.

-base NUM
Use NUM as the base (radix) when displaying an OTP. The value of NUM is limited to 10 (the default), 16, or 32.

-counter NUM
This is the 8-byte HOTP counter value to set, hexadecimal if prefixed by "0x" (or "0X"), decimal otherwise. Leading zeroes may be omitted. This implies HOTP mode. For a token device, it should not be possible to reset the counter (modulo counter overflow), because that would cause the password sequence to repeat, assuming the key has not been changed. A software implementation may not have this restriction, but be aware of the security implications.

-digits NUM
Use NUM as the number of digits when displaying an OTP. The value of NUM is limited to 6, 7, 8 (the default), or 9 with base 10. It is limited to 6 with base 32 and is ignored with base 16 (hexadecimal output).

-disable
Disable the account of username. The local_token_authenticate module and the -auth and -verify flags will not allow the user to authenticate until the account is enabled, but other operations can still be performed on the account. If -enable is used later, the account becomes usable for authentication again and is restored to the state it had when it was disabled. It is not an error to disable an account that is already disabled.

-enable
Enable the account of username. The local_token_authenticate module only authenticates users whose accounts are enabled. It is not an error to enable an account that is already enabled.

-hotp-window NUM
If the expected HOTP password does not match the given password, try to match it against the NUM passwords that follow the expected one in the sequence. A value of zero for NUM disables this search.

-inkeys item_type
To decrypt secret keys, use the store identified by item_type, which is configured in dacs.conf.

-key keyval
Use keyval, represented as a hexadecimal string, as the secret key.
Security
Specifying the key on the command line is not secure, because it may be visible to other processes.

-key-file filename
Read the secret key, represented as a hexadecimal string, from filename. If filename is "-", the key is read from stdin.

-key-prompt
Prompt for the secret key, represented as a hexadecimal string. Input is not echoed.

-mode otp-mode
This specifies (case-insensitively) the type of token (OTP device mode) to use for the -set, -create, verify, and sync operations. otp-mode is one of counter or hotp for counter mode, or time or totp for time-based mode. This flag is required when creating a new account.

-outkeys item_type
To encrypt secret keys, use the store identified by item_type, which is defined in dacs.conf.

-pin pinval
Use pinval as the account's secret PIN.
Security
Specifying the PIN on the command line is not secure, because it may be visible to other processes.

-pin-constraints STR
Instead of PASSWORD_CONSTRAINTS[14], use STR (which has the same syntax and semantics) to describe the PIN requirements.
Note
PIN requirements are applied to PINs obtained through command line flags and to those obtained by an import (the "p" attribute). The requirements are not retroactive, however, so changing them does not affect the PINs of existing accounts or the import of previously exported accounts (the "ph" attribute).

-pin-file filename
Read the secret PIN from filename. If filename is "-", the PIN is read from stdin.

-pin-prompt
Prompt for the secret PIN. Input is not echoed.

-rnd
Reserved for future use.

-seed STR
Reserved for future use.

-serial STR
The serial number is STR, a (purportedly) unique identifier assigned to the token. This option is used with the -set, -create, and -list flags. The serial number identifies a particular OTP device and need not be kept secret. The uniqueness property applies within the storage unit of an item type; that is, the serial numbers of all HOTP devices must be unique and the serial numbers of all TOTP devices must be unique. If the accounts for the two device types are combined, the serial numbers of all devices must be unique. Any printable string is accepted. If a software client is generating the passwords, either the device's serial number can be used or a suitably descriptive string can be chosen that has not already been assigned to a device.
Note
Because both hardware tokens and software-generated client applications may be in use, administrators may want to formalize a naming scheme for these tokens. For example, an administrator might form the dacstoken serial number of a hardware token by prefixing "-hw" to the vendor's serial number, and the dacstoken serial number of a software token by prefixing "-sw" to the device's vendor serial number.

-totp-delta NUM
Adjust the base time by NUM intervals (each of timestep-size seconds) when computing a TOTP. The value of NUM can be negative, zero, or positive. This is used to correct for poorly synchronized clocks.

-totp-drift nwindows
For TOTP, use a window of nwindows intervals (with respect to the interval size) for validation. If nwindows is 0, the computed TOTP value must exactly match the given value. If nwindows is 1, for example, dacstoken tries to match the given TOTP against the values for the previous, current, and next intervals. This makes the system running dacstoken (or local_token_authenticate) less sensitive to synchronization with the token-generating device.
Security
This does not correct a poorly synchronized clock. nwindows weakens the system by extending the lifetime of one-time passwords.

-totp-hash ALG
Use ALG as the digest algorithm for TOTP. The value of ALG (case-insensitive) is limited to SHA1 (the default), SHA256, or SHA512.

-totp-timestep secs
Use secs as the interval size when computing a TOTP. It must be greater than zero. The default is 30 seconds.
Security
This does not correct a poorly synchronized clock. secs weakens the system by extending the lifetime of one-time passwords.

-vfs vfs_uri
vfs_uri overrides any VFS[33] configuration directive in effect. It can be used to configure or reconfigure auth_token, auth_hotp_token, or auth_totp_token, which specify how the accounts being operated on are stored.

All output goes to standard output, except for error messages, which go to standard error.

Typically, dacsoptions are specified to select which jurisdiction is being represented and whose accounts are being managed.
EXAMPLES
These examples assume that the jurisdiction being used is named EXAMPLE and that its federation domain is example.com.

To use this authentication method, a DACS administrator might perform the following steps for each OTP device assigned to a user:

1. Obtain a supported token, decide how it will be used for authentication, and choose values for the various parameters. Obtain the device's secret key from the vendor. For a programmable device, choose a suitable random key and program the device. The current counter value might be obtainable from the vendor, or it may be initialized to zero; for a programmable device, the counter value will be zero. Decide whether a PIN is required (see TOKEN_REQUIRES_PIN[9]). If a software client is being used, install the software on the user's device (or have the user install it) and configure the software.

2. Decide where the account information will be stored and, if necessary, add an appropriate VFS[33] directive to dacs.conf. The default (in site.conf) keeps the account information in a file named auth_tokens in each jurisdiction's default private area:

VFS "[auth_token]dacs-kwv-fs:${Conf::FEDERATIONS_ROOT}/\
${Conf::FEDERATION_DOMAIN}/${Conf::JURISDICTION_NAME}/auth_tokens"

3. Generate keys to encrypt the account information (see Tokens and Secret Keys[34]) and decide where they will be kept. For example (the user id, group id, path, jurisdiction name, and federation domain may differ):

% cd /usr/local/dacs/federations_root/example.com/EXAMPLE
% dacskey -uj EXAMPLE -q auth_token_keys
% chgrp www auth_token_keys
% chmod 0640 auth_token_keys

If necessary, add an appropriate VFS[33] directive to dacs.conf. The default, which was used above, keeps the account information in a file named auth_token_keys in each jurisdiction's default private area:

VFS "[auth_token_keys]dacs-fs:${Conf::FEDERATIONS_ROOT}/\
${Conf::FEDERATION_DOMAIN}/${Conf::JURISDICTION_NAME}/auth_token_keys"

4. If users need to sign on, dacs_authenticate(8)[2] must be configured with an appropriate Auth clause in dacs.conf, for example:

URL "token"
STYLE "pass"
CONTROL "sufficient"

5. There are several ways an administrator might proceed, depending on how much effort the user can be expected to make (e.g., whether the user can be trusted, the user's technical ability), the number of users (a few or a few thousand), and the level of security required:
    1. Prepare a file containing an XML record[35] for each account to be created. If PINs are to be used, assign a random PIN to each account.
    2. Use the -import[36] flag to create the accounts.
    3. Provide each user with a token device, a username, and (if required) an initial PIN (perhaps requiring proof of identity), and give any demonstration or instruction that is needed;
    4. Have the user set or reset the account's PIN, and ask the user to sign on using the token to verify correct operation.

To create a disabled account for user bobo for an HOTP device:

% dacstoken -uj EXAMPLE -mode hotp -serial 37000752 -key-file bobo.key -create bobo

The account (which must not already exist) has its secret key read from the file bobo.key. The new account is disabled by default; use -enable to create an enabled account.

Once an account has been created, it can be synchronized with the token. To synchronize user bobo's HOTP token:

% dacstoken -uj EXAMPLE -sync 433268,894121,615120 bobo

In this example, the particular token generated the three consecutive passwords 433268, 894121, and 615120. Note that the password sequence string following the -sync flag is a single argument that contains no spaces. If this token's key is 19c0a3519a89b4a8034c5b9306db, the next password generated by the token should be 544323 (from counter value 13). This can be checked using -hotp-show:

% dacstoken -hotp-show 5 -counter 10 -key 19c0a3519a89b4a8034c5b9306db
000000000000000a: 433268
000000000000000b: 894121
000000000000000c: 615120
000000000000000d: 544323
000000000000000e: 002442

To enable user bobo's account:

% dacstoken -uj EXAMPLE -enable -set bobo

To enable user bobo's account and set a PIN:

% dacstoken -uj EXAMPLE -enable -pin "CzAy" -set bobo

To list all accounts in detail:

% dacstoken -uj EXAMPLE -long

The -list flag is the default operation and is redundant here. The -mode, -counter, etc. modifiers have no effect when listing.

To list only bobo's account:

% dacstoken -uj EXAMPLE -list bobo

If this user does not have an account, the exit status will be non-zero.

To display the account for the device with serial number 37000752:

% dacstoken -uj EXAMPLE -serial 37000752

The serial number that uniquely identifies a token is often printed on the token or can be displayed by it.

To set the counter value of bobo's existing account:

% dacstoken -uj EXAMPLE -counter 9 -set bobo

This operation might be used for testing or with software tokens. The -sync operation is more appropriate for hardware tokens.

To change the PIN for username bobo:

% dacstoken -uj EXAMPLE -pin-prompt -set bobo

The program will prompt for the new PIN.

To use the alternative account file /secure/auth_tokens:

% dacstoken -uj EXAMPLE -vfs "dacs-kwv-fs:/secure/auth_tokens" -list

To switch to new keys (making the same assumptions as before), add an appropriate VFS directive to dacs.conf; by default, define the item type auth_token_keys_prev as follows:

VFS "[auth_token_keys_prev]dacs-fs:${Conf::FEDERATIONS_ROOT}/\
${Conf::FEDERATION_DOMAIN}/${Conf::JURISDICTION_NAME}/auth_token_keys.prev"

% cd /usr/local/dacs/federations_root/example.com/EXAMPLE
% mv auth_token_keys auth_token_keys.prev
% dacskey -uj EXAMPLE -q auth_token_keys
% chgrp www auth_token_keys
% chmod 0640 auth_token_keys
% dacstoken -uj EXAMPLE -inkeys auth_token_keys.prev -set

DIAGNOSTICS
The program exits 0 if everything was fine, or 1 if an error occurred.