From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc2289.txt | 1403 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1403 insertions(+) create mode 100644 doc/rfc/rfc2289.txt (limited to 'doc/rfc/rfc2289.txt') diff --git a/doc/rfc/rfc2289.txt b/doc/rfc/rfc2289.txt new file mode 100644 index 0000000..8d1d722 --- /dev/null +++ b/doc/rfc/rfc2289.txt @@ -0,0 +1,1403 @@ + + + + + + +Network Working Group N. Haller +Request for Comments: 2289 Bellcore +Obsoletes: 1938 C. Metz +Category: Standards Track Kaman Sciences Corporation + P. Nesser + Nesser & Nesser Consulting + M. Straw + Bellcore + February 1998 + + + A One-Time Password System + +Status of this Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (1998). All Rights Reserved. + +1.0 ABSTRACT + + This document describes a one-time password authentication system + (OTP). The system provides authentication for system access (login) + and other applications requiring authentication that is secure + against passive attacks based on replaying captured reusable + passwords. OTP evolved from the S/KEY (S/KEY is a trademark of + Bellcore) One-Time Password System that was released by Bellcore and + is described in references [3] and [5]. + +2.0 OVERVIEW + + One form of attack on networked computing systems is eavesdropping on + network connections to obtain authentication information such as the + login IDs and passwords of legitimate users. Once this information is + captured, it can be used at a later time to gain access to the + system. One-time password systems are designed to counter this type + of attack, called a "replay attack" [4]. + + The authentication system described in this document uses a secret + pass-phrase to generate a sequence of one-time (single use) + passwords. With this system, the user's secret pass-phrase never + needs to cross the network at any time such as during authentication + + + +Haller Standards Track [Page 1] + +RFC 2289 A One-Time Password System February 1998 + + + or during pass-phrase changes. Thus, it is not vulnerable to replay + attacks. Added security is provided by the property that no secret + information need be stored on any system, including the server being + protected. + + The OTP system protects against external passive attacks against the + authentication subsystem. It does not prevent a network eavesdropper + from gaining access to private information and does not provide + protection against either "social engineering" or active attacks [9]. + +3.0 INTRODUCTION + + There are two entities in the operation of the OTP one-time password + system. The generator must produce the appropriate one-time password + from the user's secret pass-phrase and from information provided in + the challenge from the server. The server must send a challenge that + includes the appropriate generation parameters to the generator, must + verify the one-time password received, must store the last valid + one-time password it received, and must store the corresponding one- + time password sequence number. The server must also facilitate the + changing of the user's secret pass-phrase in a secure manner. + + The OTP system generator passes the user's secret pass-phrase, along + with a seed received from the server as part of the challenge, + through multiple iterations of a secure hash function to produce a + one-time password. After each successful authentication, the number + of secure hash function iterations is reduced by one. Thus, a unique + sequence of passwords is generated. The server verifies the one-time + password received from the generator by computing the secure hash + function once and comparing the result with the previously accepted + one-time password. This technique was first suggested by Leslie + Lamport [1]. + +4.0 REQUIREMENTS TERMINOLOGY + + In this document, the words that are used to define the significance + of each particular requirement are usually capitalized. These words + are: + + - MUST + + This word or the adjective "REQUIRED" means that the item is an + absolute requirement of the specification. + + + + + + + + +Haller Standards Track [Page 2] + +RFC 2289 A One-Time Password System February 1998 + + + - SHOULD + + This word or the adjective "RECOMMENDED" means that there might + exist valid reasons in particular circumstances to ignore this + item, but the full implications should be understood and the case + carefully weighed before taking a different course. + + - MAY + + This word or the adjective "OPTIONAL" means that this item is + truly optional. One vendor might choose to include the item + because a particular marketplace requires it or because it + enhances the product, for example; another vendor may omit the + same item. + +5.0 SECURE HASH FUNCTION + + The security of the OTP system is based on the non-invertability of a + secure hash function. Such a function must be tractable to compute in + the forward direction, but computationally infeasible to invert. + + The interfaces are currently defined for three such hash algorithms, + MD4 [2] and MD5 [6] by Ronald Rivest, and SHA [7] by NIST. All + conforming implementations of both server and generators MUST support + MD5. They SHOULD support SHA and MAY also support MD4. Clearly, the + generator and server must use the same algorithm in order to + interoperate. Other hash algorithms may be specified for use with + this system by publishing the appropriate interfaces. + + The secure hash algorithms listed above have the property that they + accept an input that is arbitrarily long and produce a fixed size + output. The OTP system folds this output to 64 bits using the + algorithms in the Appendix A. 64 bits is also the length of the one- + time passwords. This is believed to be long enough to be secure and + short enough to be entered manually (see below, Form of Output) when + necessary. + +6.0 GENERATION OF ONE-TIME PASSWORDS + + This section describes the generation of the one-time passwords. + This process consists of an initial step in which all inputs are + combined, a computation step where the secure hash function is + applied a specified number of times, and an output function where the + 64 bit one-time password is converted to a human readable form. + + Appendix C contains examples of the outputs given a collection of + inputs. It provides implementors with a means of verification the + use of these algorithms. + + + +Haller Standards Track [Page 3] + +RFC 2289 A One-Time Password System February 1998 + + + Initial Step + + In principle, the user's secret pass-phrase may be of any length. To + reduce the risk from techniques such as exhaustive search or + dictionary attacks, character string pass-phrases MUST contain at + least 10 characters (see Form of Inputs below). All implementations + MUST support a pass-phrases of at least 63 characters. The secret + pass-phrase is frequently, but is not required to be, textual + information provided by a user. + + In this step, the pass phrase is concatenated with a seed that is + transmitted from the server in clear text. This non-secret seed + allows clients to use the same secret pass-phrase on multiple + machines (using different seeds) and to safely recycle their secret + pass-phrases by changing the seed. + + The result of the concatenation is passed through the secure hash + function and then is reduced to 64 bits using one of the function + dependent algorithms shown in Appendix A. + + Computation Step + + A sequence of one-time passwords is produced by applying the secure + hash function multiple times to the output of the initial step + (called S). That is, the first one-time password to be used is + produced by passing S through the secure hash function a number of + times (N) specified by the user. The next one-time password to be + used is generated by passing S though the secure hash function N-1 + times. An eavesdropper who has monitored the transmission of a one- + time password would not be able to generate the next required + password because doing so would mean inverting the hash function. + + Form of Inputs + + The secret pass-phrase is seen only by the OTP generator. To allow + interchangeability of generators, all generators MUST support a + secret pass-phrase of 10 to 63 characters. Implementations MAY + support a longer pass-phrase, but such implementations risk the loss + of interchangeability with implementations supporting only the + minimum. + + The seed MUST consist of purely alphanumeric characters and MUST be + of one to 16 characters in length. The seed is a string of characters + that MUST not contain any blanks and SHOULD consist of strictly + alphanumeric characters from the ISO-646 Invariant Code Set. The + seed MUST be case insensitive and MUST be internally converted to + lower case before it is processed. + + + + +Haller Standards Track [Page 4] + +RFC 2289 A One-Time Password System February 1998 + + + The sequence number and seed together constitute a larger unit of + data called the challenge. The challenge gives the generator the + parameters it needs to calculate the correct one-time password from + the secret pass-phrase. The challenge MUST be in a standard syntax so + that automated generators can recognize the challenge in context and + extract these parameters. The syntax of the challenge is: + + otp- + + The three tokens MUST be separated by a white space (defined as any + number of spaces and/or tabs) and the entire challenge string MUST be + terminated with either a space or a new line. The string "otp-" MUST + be in lower case. The algorithm identifier is case sensitive (the + existing identifiers are all lower case), and the seed is case + insensitive and converted before use to lower case. If additional + algorithms are defined, appropriate identifiers (short, but not + limited to three or four characters) must be defined. The currently + defined algorithm identifiers are: + + md4 MD4 Message Digest + md5 MD5 Message Digest + sha1 NIST Secure Hash Algorithm Revision 1 + + An example of an OTP challenge is: otp-md5 487 dog2 + + Form of Output + + The one-time password generated by the above procedure is 64 bits in + length. Entering a 64 bit number is a difficult and error prone + process. Some generators insert this password into the input stream + and some others make it available for system "cut and paste." Still + other arrangements require the one-time password to be entered + manually. The OTP system is designed to facilitate this manual entry + without impeding automatic methods. The one-time password therefore + MAY be converted to, and all servers MUST be capable of accepting it + as, a sequence of six short (1 to 4 letter) easily typed words that + only use characters from ISO-646 IVCS. Each word is chosen from a + dictionary of 2048 words; at 11 bits per word, all one-time passwords + may be encoded. + + The two extra bits in this encoding are used to store a checksum. + The 64 bits of key are broken down into pairs of bits, then these + pairs are summed together. The two least significant bits of this sum + are encoded in the last two bits of the six word sequence with the + least significant bit of the sum as the last bit encoded. All OTP + generators MUST calculate this checksum and all OTP servers MUST + verify this checksum explicitly as part of the operation of decoding + this representation of the one-time password. + + + +Haller Standards Track [Page 5] + +RFC 2289 A One-Time Password System February 1998 + + + Generators that produce the six-word format MUST present the words in + upper case with single spaces used as separators. All servers MUST + accept six-word format without regard to case and white space used as + a separator. The two lines below represent the same one-time + password. The first is valid as output from a generator and as input + a server, the second is valid only as human input to a server. + + OUST COAT FOAL MUG BEAK TOTE + oust coat foal mug beak tote + + Interoperability requires that all OTP servers and generators use + the same dictionary. The standard dictionary was originally + specified in the "S/KEY One Time Password System" that is described + in RFC 1760 [5]. This dictionary is included in this document as + Appendix D. + + To facilitate the implementation of smaller generators, hexadecimal + output is an acceptable alternative for the presentation of the + one-time password. All implementations of the server software MUST + accept case-insensitive hexadecimal as well as six-word format. The + hexadecimal digits may be separated by white space so servers are + REQUIRED to ignore all white space. If the representation is + partitioned by white space, leading zeros must be retained. + Examples of hexadecimal format are: + + Representation Value + + 3503785b369cda8b 0x3503785b369cda8b + e5cc a1b8 7c13 096b 0xe5cca1b87c13096b + C7 48 90 F4 27 7B A1 CF 0xc74890f4277ba1cf + 47 9 A68 28 4C 9D 0 1BC 0x479a68284c9d01bc + + In addition to accepting six-word and hexadecimal encodings of the + 64 bit one-time password, servers SHOULD accept the alternate + dictionary encoding described in Appendix B. The six words in this + encoding MUST not overlap the set of words in the standard + dictionary. To avoid ambiguity with the hexadecimal representation, + words in the alternate dictionary MUST not be comprised solely of + the letters A-F. Decoding words thus encoded does not require any + knowledge of the alternative dictionary used so the acceptance of + any alternate dictionary implies the acceptance of all alternate + dictionaries. Words in the alternative dictionaries are case + sensitive. Generators and servers MUST preserve the case in the + processing of these words. + + In summary, all conforming servers MUST accept six-word input that + uses the Standard Dictionary (RFC 1760 and Appendix D), MUST accept + hexadecimal encoding, and SHOULD accept six-word input that uses the + + + +Haller Standards Track [Page 6] + +RFC 2289 A One-Time Password System February 1998 + + + Alternative Dictionary technique (Appendix B). As there is a remote + possibility that a hexadecimal encoding of a one-time password will + look like a valid six-word standard dictionary encoding, all + implementations MUST use the following scheme. If a six-word + encoded one-time password is valid, it is accepted. Otherwise, if + the one-time password can be interpreted as hexadecimal, and with + that decoding it is valid, then it is accepted. + +7.0 VERIFICATION OF ONE-TIME PASSWORDS + + An application on the server system that requires OTP authentication + is expected to issue an OTP challenge as described above. Given the + parameters from this challenge and the secret pass-phrase, the + generator can compute (or lookup) the one-time password that is + passed to the server to be verified. + + The server system has a database containing, for each user, the + one-time password from the last successful authentication or the + first OTP of a newly initialized sequence. To authenticate the user, + the server decodes the one-time password received from the generator + into a 64-bit key and then runs this key through the secure hash + function once. If the result of this operation matches the stored + previous OTP, the authentication is successful and the accepted + one-time password is stored for future use. + +8.0 PASS-PHRASE CHANGES + + Because the number of hash function applications executed by the + generator decreases by one each time, at some point the user must + reinitialize the system or be unable to authenticate. + + Although some installations may not permit users to initialize + remotely, implementations MUST provide a means to do so that does + not reveal the user's secret pass-phrase. One way is to provide a + means to reinitialize the sequence through explicit specification + of the first one-time password. + + When the sequence of one-time passwords is reinitialized, + implementations MUST verify that the seed or the pass-phrase is + changed. Installations SHOULD discourage any operation that sends + the secret pass-phrase over a network in clear-text as such practice + defeats the concept of a one-time password. + + Implementations MAY use the following technique for + [re]initialization: + + + + + + +Haller Standards Track [Page 7] + +RFC 2289 A One-Time Password System February 1998 + + + o The user picks a new seed and hash count (default values may + be offered). The user provides these, along with the + corresponding generated one-time password, to the host system. + + o The user MAY also provide the corresponding generated one + time password for count-1 as an error check. + + o The user SHOULD provide the generated one-time password for + the old seed and old hash count to protect an idle terminal + or workstation (this implies that when the count is 1, the + user can login but cannot then change the seed or count). + + In the future a specific protocol may be defined for + reinitialization that will permit smooth and possibly automated + interoperation of all hosts and generators. + +9.0 PROTECTION AGAINST RACE ATTACK + + All conforming server implementations MUST protect against the race + condition described in this section. A defense against this attack + is outlined; implementations MAY use this approach or MAY select an + alternative defense. + + It is possible for an attacker to listen to most of a one-time + password, guess the remainder, and then race the legitimate user to + complete the authentication. Multiple guesses against the last word + of the six-word format are likely to succeed. + + One possible defense is to prevent a user from starting multiple + simultaneous authentication sessions. This means that once the + legitimate user has initiated authentication, an attacker would be + blocked until the first authentication process has completed. In + this approach, a timeout is necessary to thwart a denial of service + attack. + +10.0 SECURITY CONSIDERATIONS + + This entire document discusses an authentication system that + improves security by limiting the danger of eavesdropping/replay + attacks that have been used against simple password systems [4]. + + The use of the OTP system only provides protections against passive + eavesdropping/replay attacks. It does not provide for the privacy + of transmitted data, and it does not provide protection against + active attacks such as session hijacking that are known to be + present in the current Internet [9]. The use of IP Security + (IPsec), see [10], [11], and [12] is recommended to protect against + TCP session hijacking. + + + +Haller Standards Track [Page 8] + +RFC 2289 A One-Time Password System February 1998 + + + The success of the OTP system to protect host systems is dependent + on the non-invertability of the secure hash functions used. To our + knowledge, none of the hash algorithms have been broken, but it is + generally believed [6] that MD4 is not as strong as MD5. If a + server supports multiple hash algorithms, it is only as secure as + the weakest algorithm. + +11.0 ACKNOWLEDGMENTS + + The idea behind OTP authentication was first proposed by Leslie + Lamport [1]. Bellcore's S/KEY system, from which OTP is derived, was + proposed by Phil Karn, who also wrote most of the Bellcore reference + implementation. + +12.0 REFERENCES + + [1] Leslie Lamport, "Password Authentication with Insecure + Communication", Communications of the ACM 24.11 (November + 1981), 770-772 + + [2] Rivest, R., "The MD4 Message-Digest Algorithm", RFC 1320, + April 1992. + + [3] Neil Haller, "The S/KEY One-Time Password System", Proceedings + of the ISOC Symposium on Network and Distributed System + Security, February 1994, San Diego, CA + + [4] Haller, N., and R. Atkinson, "On Internet Authentication", + RFC 1704, October 1994. + + [5] Haller, N., "The S/KEY One-Time Password System", + RFC 1760, February 1995. + + [6] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, + April 1992. + + [7] National Institute of Standards and Technology (NIST), + "Announcing the Secure Hash Standard", FIPS 180-1, U.S. + Department of Commerce, April 1995. + + [8] International Standard - Information Processing -- ISO 7-bit + coded character set for information interchange (Invariant Code + Set), ISO-646, International Standards Organization, Geneva, + Switzerland, 1983 + + + + + + + +Haller Standards Track [Page 9] + +RFC 2289 A One-Time Password System February 1998 + + + [9] Computer Emergency Response Team (CERT), "IP Spoofing and + Hijacked Terminal Connections", CA-95:01, January 1995. + Available via anonymous ftp from info.cert.org in + /pub/cert_advisories. + + [10] Atkinson, R., "Security Architecture for the Internet Protocol", + RFC 1825, August 1995. + + [11] Atkinson, R., "IP Authentication Header", RFC 1826, August + 1995. + + [12] Atkinson, R., "IP Encapsulating Security Payload (ESP)", RFC + 1827, August 1995. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Haller Standards Track [Page 10] + +RFC 2289 A One-Time Password System February 1998 + + +13.0 AUTHORS' ADDRESSES + + Neil Haller + Bellcore + MCC 1C-265B + 445 South Street + Morristown, NJ, 07960-6438, USA + + Phone: +1 201 829-4478 + Fax: +1 201 829-2504 + EMail: nmh@bellcore.com + + + Craig Metz + Kaman Sciences Corporation + For NRL Code 5544 + 4555 Overlook Avenue, S.W. + Washington, DC, 20375-5337, USA + + Phone: +1 202 404-7122 + Fax: +1 202 404-7942 + EMail: cmetz@cs.nrl.navy.mil + + + Philip J. Nesser II + Nesser & Nesser Consulting + 13501 100th Ave NE + Suite 5202 + Kirkland, WA 98034, USA + + Phone: +1 206 481 4303 + EMail: pjnesser@martigny.ai.mit.edu + + + Mike Straw + Bellcore + RRC 1A-225 + 445 Hoes Lane + Piscataway, NJ 08854-4182 + + Phone: +1 908 699-5212 + EMail: mess@bellcore.com + + + + + + + + + +Haller Standards Track [Page 11] + +RFC 2289 A One-Time Password System February 1998 + + +Appendix A - Interfaces to Secure Hash Algorithms + + Original interoperability tests provided valuable insights into the + subtle problems which occur when converting protocol specifications + into running code. In particular, the manipulation of bit ordered + data is dependent on the architecture of the hardware, specifically + the way in which a computer stores multi-byte data. The method is + typically called big or little "endian." A big endian machine stores + data with the most significant byte first, while a little endian + machine stores the least significant byte first. Thus, on a big + endian machine data is stored left to right, while little endian + machines store data right to left. + + For example, the four byte value 0x11AABBCC is stored in a big endian + machine as the following series of four bytes, "0x11", "0xAA", + "0xBB", and "0xCC", while on a little endian machine the value would + be stored as "0xCC", "0xBB", "0xAA", and "0x11". + + For historical reasons, and to promote interoperability with existing + implementations, it was decided that ALL hashes incorporated into the + OTP protocol MUST store the output of their hash function in LITTLE + ENDIAN format BEFORE the bit folding to 64 bits occurs. This is done + in the implementations of MD4 and MD5 (see references [2] and [6]), + while it must be explicitly done for the implementation of SHA1 (see + reference [7]). + + Any future hash functions implemented into the OTP protocol SHOULD + provide a similar reference fragment of code to allow independent + implementations to operate successfully. + + + MD4 Message Digest (see reference [2]) + + MD4_CTX md; + unsigned char result[16]; + + strcpy(buf, seed); /* seed must be in lower case */ + strcat(buf, passwd); + MD4Init(&md); + MD4Update(&md, (unsigned char *)buf, strlen(buf)); + MD4Final(result, &md); + + /* Fold the 128 bit result to 64 bits */ + for (i = 0; i < 8; i++) + result[i] ^= result[i+8]; + + + + + + +Haller Standards Track [Page 12] + +RFC 2289 A One-Time Password System February 1998 + + +MD5 Message Digest (see reference [6]) + + MD5_CTX md; + unsigned char result[16]; + strcpy(buf, seed); /* seed must be in lower case */ + strcat(buf, passwd); + MD5Init(&md); + MD5Update(&md, (unsigned char *)buf, strlen(buf)); + MD5Final(result, &md); + + /* Fold the 128 bit result to 64 bits */ + for (i = 0; i < 8; i++) + result[i] ^= result[i+8]; + + +SHA Secure Hash Algorithm (see reference [7]) + + SHA_INFO sha; + unsigned char result[16]; + strcpy(buf, seed); /* seed must be in lower case */ + strcat(buf, passwd); + sha_init(&sha); + sha_update(&sha, (unsigned char *)buf, strlen(buf)); + sha_final(&sha); /* NOTE: no result buffer */ + + /* Fold the 160 bit result to 64 bits */ + sha.digest[0] ^= sha.digest[2]; + sha.digest[1] ^= sha.digest[3]; + sha.digest[0] ^= sha.digest[4]; + + /* + * copy the resulting 64 bits to the result buffer in little endian + * fashion (analogous to the way MD4Final() and MD5Final() do). + */ + for (i = 0, j = 0; j < 8; i++, j += 4) + { + result[j] = (unsigned char)(sha.digest[i] & 0xff); + result[j+1] = (unsigned char)((sha.digest[i] >> 8) & 0xff); + result[j+2] = (unsigned char)((sha.digest[i] >> 16) & 0xff); + result[j+3] = (unsigned char)((sha.digest[i] >> 24) & 0xff); + } + + + + + + + + + + +Haller Standards Track [Page 13] + +RFC 2289 A One-Time Password System February 1998 + + +Appendix B - Alternative Dictionary Algorithm + + The purpose of alternative dictionary encoding of the OTP one-time + password is to allow the use of language specific or friendly words. + As case translation is not always well defined, the alternative + dictionary encoding is case sensitive. Servers SHOULD accept this + encoding in addition to the standard 6-word and hexadecimal + encodings. + + + GENERATOR ENCODING USING AN ALTERNATE DICTIONARY + + The standard 6-word encoding uses the placement of a word in the + dictionary to represent an 11-bit number. The 64-bit one-time + password can then be represented by six words. + + An alternative dictionary of 2048 words may be created such that + each word W and position of the word in the dictionary N obey the + relationship: + + alg( W ) % 2048 == N + where + alg is the hash algorithm used (e.g. MD4, MD5, SHA1). + + In addition, no words in the standard dictionary may be chosen. + + The generator expands the 64-bit one-time password to 66 bits by + computing parity as with the standard 6-word encoding. The six 11- + bit numbers are then converted to words using the dictionary that + was created such that the above relationship holds. + + SERVER DECODING OF ALTERNATE DICTIONARY ONE-TIME PASSWORDS + + The server accepting alternative dictionary encoding converts each + word to an 11-bit number using the above encoding. These numbers + are then used in the same way as the decoded standard dictionary + words to form the 66-bit one-time password. + + The server does not need to have access to the alternate dictionary + that was used to create the one-time password it is authenticating. + This is because the decoding from word to 11-bit number does not + make any use of the dictionary. As a result of the independence of + the dictionary, a server accepting one alternate dictionary accept + all alternate dictionaries. + + + + + + + +Haller Standards Track [Page 14] + +RFC 2289 A One-Time Password System February 1998 + + +Appendix C - OTP Verification Examples + + This appendix provides a series of inputs and correct outputs for all + three of the defined OTP cryptographic hashes, specifically MD4, MD5, + and SHA1. This document is intended to be used by developers for + interoperability checks when creating generators or servers. Output + is provided in both hexadecimal notation and the six word encoding + documented in Appendix D. + + GENERAL CHECKS + + Note that the output given for these checks is not intended to be + taken literally, but describes the type of action that should be + taken. + + Pass Phrase Length + + Input: + Pass Phrase: Too_short + Seed: iamvalid + Count: 99 + Hash: ANY + Output: + ERROR: Pass Phrase too short + + Input: + Pass Phrase: + 1234567890123456789012345678901234567890123456789012345678901234 + Seed: iamvalid + Count: 99 + Hash: ANY + Output: + WARNING: Pass Phrase longer than the recommended maximum length of +63 + +Seed Values + + Input: + Pass Phrase: A_Valid_Pass_Phrase + Seed: Length_Okay + Count: 99 + Hash: ANY + Output: + ERROR: Seed must be purely alphanumeric + + Input: + Pass Phrase: A_Valid_Pass_Phrase + Seed: LengthOfSeventeen + + + +Haller Standards Track [Page 15] + +RFC 2289 A One-Time Password System February 1998 + + + Count: 99 + Hash: ANY + + Output: + ERROR: Seed must be between 1 and 16 characters in length + + Input: + Pass Phrase: A_Valid_Pass_Phrase + Seed: A Seed + Count: 99 + Hash: ANY + Output: + ERROR: Seed must not contain any spaces + +Parity Calculations + + Input: + Pass Phrase: A_Valid_Pass_Phrase + Seed: AValidSeed + Count: 99 + Hash: MD5 + Output: + Hex: 85c43ee03857765b + Six Word(CORRECT): FOWL KID MASH DEAD DUAL OAF + Six Word(INCORRECT PARITY): FOWL KID MASH DEAD DUAL NUT + Six Word(INCORRECT PARITY): FOWL KID MASH DEAD DUAL O + Six Word(INCORRECT PARITY): FOWL KID MASH DEAD DUAL OAK + + + + + + + + + + + + + + + + + + + + + + + + +Haller Standards Track [Page 16] + +RFC 2289 A One-Time Password System February 1998 + + +MD4 ENCODINGS + +Pass Phrase Seed Cnt Hex Six Word Format +======================================================================== +This is a test. TeSt 0 D185 4218 EBBB 0B51 + ROME MUG FRED SCAN LIVE LACE +This is a test. TeSt 1 6347 3EF0 1CD0 B444 + CARD SAD MINI RYE COL KIN +This is a test. TeSt 99 C5E6 1277 6E6C 237A + NOTE OUT IBIS SINK NAVE MODE +AbCdEfGhIjK alpha1 0 5007 6F47 EB1A DE4E + AWAY SEN ROOK SALT LICE MAP +AbCdEfGhIjK alpha1 1 65D2 0D19 49B5 F7AB + CHEW GRIM WU HANG BUCK SAID +AbCdEfGhIjK alpha1 99 D150 C82C CE6F 62D1 + ROIL FREE COG HUNK WAIT COCA +OTP's are good correct 0 849C 79D4 F6F5 5388 + FOOL STEM DONE TOOL BECK NILE +OTP's are good correct 1 8C09 92FB 2508 47B1 + GIST AMOS MOOT AIDS FOOD SEEM +OTP's are good correct 99 3F3B F4B4 145F D74B + TAG SLOW NOV MIN WOOL KENO + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Haller Standards Track [Page 17] + +RFC 2289 A One-Time Password System February 1998 + + +MD5 ENCODINGS + +Pass Phrase Seed Cnt Hex Six Word Format +======================================================================== +This is a test. TeSt 0 9E87 6134 D904 99DD + INCH SEA ANNE LONG AHEM TOUR +This is a test. TeSt 1 7965 E054 36F5 029F + EASE OIL FUM CURE AWRY AVIS +This is a test. TeSt 99 50FE 1962 C496 5880 + BAIL TUFT BITS GANG CHEF THY +AbCdEfGhIjK alpha1 0 8706 6DD9 644B F206 + FULL PEW DOWN ONCE MORT ARC +AbCdEfGhIjK alpha1 1 7CD3 4C10 40AD D14B + FACT HOOF AT FIST SITE KENT +AbCdEfGhIjK alpha1 99 5AA3 7A81 F212 146C + BODE HOP JAKE STOW JUT RAP +OTP's are good correct 0 F205 7539 43DE 4CF9 + ULAN NEW ARMY FUSE SUIT EYED +OTP's are good correct 1 DDCD AC95 6F23 4937 + SKIM CULT LOB SLAM POE HOWL +OTP's are good correct 99 B203 E28F A525 BE47 + LONG IVY JULY AJAR BOND LEE + + +SHA1 ENCODINGS + +Pass Phrase Seed Cnt Hex Six Word Format +======================================================================== +This is a test. TeSt 0 BB9E 6AE1 979D 8FF4 + MILT VARY MAST OK SEES WENT +This is a test. TeSt 1 63D9 3663 9734 385B + CART OTTO HIVE ODE VAT NUT +This is a test. TeSt 99 87FE C776 8B73 CCF9 + GAFF WAIT SKID GIG SKY EYED +AbCdEfGhIjK alpha1 0 AD85 F658 EBE3 83C9 + LEST OR HEEL SCOT ROB SUIT +AbCdEfGhIjK alpha1 1 D07C E229 B5CF 119B + RITE TAKE GELD COST TUNE RECK +AbCdEfGhIjK alpha1 99 27BC 7103 5AAF 3DC6 + MAY STAR TIN LYON VEDA STAN +OTP's are good correct 0 D51F 3E99 BF8E 6F0B + RUST WELT KICK FELL TAIL FRAU +OTP's are good correct 1 82AE B52D 9437 74E4 + FLIT DOSE ALSO MEW DRUM DEFY +OTP's are good correct 99 4F29 6A74 FE15 67EC + AURA ALOE HURL WING BERG WAIT + + + + + +Haller Standards Track [Page 18] + +RFC 2289 A One-Time Password System February 1998 + + +Appendix D - Dictionary for Converting Between 6-Word and Binary Formats + + This dictionary is from the module put.c in the original Bellcore + reference distribution. + +{ "A", "ABE", "ACE", "ACT", "AD", "ADA", "ADD", +"AGO", "AID", "AIM", "AIR", "ALL", "ALP", "AM", "AMY", +"AN", "ANA", "AND", "ANN", "ANT", "ANY", "APE", "APS", +"APT", "ARC", "ARE", "ARK", "ARM", "ART", "AS", "ASH", +"ASK", "AT", "ATE", "AUG", "AUK", "AVE", "AWE", "AWK", +"AWL", "AWN", "AX", "AYE", "BAD", "BAG", "BAH", "BAM", +"BAN", "BAR", "BAT", "BAY", "BE", "BED", "BEE", "BEG", +"BEN", "BET", "BEY", "BIB", "BID", "BIG", "BIN", "BIT", +"BOB", "BOG", "BON", "BOO", "BOP", "BOW", "BOY", "BUB", +"BUD", "BUG", "BUM", "BUN", "BUS", "BUT", "BUY", "BY", +"BYE", "CAB", "CAL", "CAM", "CAN", "CAP", "CAR", "CAT", +"CAW", "COD", "COG", "COL", "CON", "COO", "COP", "COT", +"COW", "COY", "CRY", "CUB", "CUE", "CUP", "CUR", "CUT", +"DAB", "DAD", "DAM", "DAN", "DAR", "DAY", "DEE", "DEL", +"DEN", "DES", "DEW", "DID", "DIE", "DIG", "DIN", "DIP", +"DO", "DOE", "DOG", "DON", "DOT", "DOW", "DRY", "DUB", +"DUD", "DUE", "DUG", "DUN", "EAR", "EAT", "ED", "EEL", +"EGG", "EGO", "ELI", "ELK", "ELM", "ELY", "EM", "END", +"EST", "ETC", "EVA", "EVE", "EWE", "EYE", "FAD", "FAN", +"FAR", "FAT", "FAY", "FED", "FEE", "FEW", "FIB", "FIG", +"FIN", "FIR", "FIT", "FLO", "FLY", "FOE", "FOG", "FOR", +"FRY", "FUM", "FUN", "FUR", "GAB", "GAD", "GAG", "GAL", +"GAM", "GAP", "GAS", "GAY", "GEE", "GEL", "GEM", "GET", +"GIG", "GIL", "GIN", "GO", "GOT", "GUM", "GUN", "GUS", +"GUT", "GUY", "GYM", "GYP", "HA", "HAD", "HAL", "HAM", +"HAN", "HAP", "HAS", "HAT", "HAW", "HAY", "HE", "HEM", +"HEN", "HER", "HEW", "HEY", "HI", "HID", "HIM", "HIP", +"HIS", "HIT", "HO", "HOB", "HOC", "HOE", "HOG", "HOP", +"HOT", "HOW", "HUB", "HUE", "HUG", "HUH", "HUM", "HUT", +"I", "ICY", "IDA", "IF", "IKE", "ILL", "INK", "INN", +"IO", "ION", "IQ", "IRA", "IRE", "IRK", "IS", "IT", +"ITS", "IVY", "JAB", "JAG", "JAM", "JAN", "JAR", "JAW", +"JAY", "JET", "JIG", "JIM", "JO", "JOB", "JOE", "JOG", +"JOT", "JOY", "JUG", "JUT", "KAY", "KEG", "KEN", "KEY", +"KID", "KIM", "KIN", "KIT", "LA", "LAB", "LAC", "LAD", +"LAG", "LAM", "LAP", "LAW", "LAY", "LEA", "LED", "LEE", +"LEG", "LEN", "LEO", "LET", "LEW", "LID", "LIE", "LIN", +"LIP", "LIT", "LO", "LOB", "LOG", "LOP", "LOS", "LOT", +"LOU", "LOW", "LOY", "LUG", "LYE", "MA", "MAC", "MAD", +"MAE", "MAN", "MAO", "MAP", "MAT", "MAW", "MAY", "ME", +"MEG", "MEL", "MEN", "MET", "MEW", "MID", "MIN", "MIT", +"MOB", "MOD", "MOE", "MOO", "MOP", "MOS", "MOT", "MOW", +"MUD", "MUG", "MUM", "MY", "NAB", "NAG", "NAN", "NAP", + + + +Haller Standards Track [Page 19] + +RFC 2289 A One-Time Password System February 1998 + + +"NAT", "NAY", "NE", "NED", "NEE", "NET", "NEW", "NIB", +"NIL", "NIP", "NIT", "NO", "NOB", "NOD", "NON", "NOR", +"NOT", "NOV", "NOW", "NU", "NUN", "NUT", "O", "OAF", +"OAK", "OAR", "OAT", "ODD", "ODE", "OF", "OFF", "OFT", +"OH", "OIL", "OK", "OLD", "ON", "ONE", "OR", "ORB", +"ORE", "ORR", "OS", "OTT", "OUR", "OUT", "OVA", "OW", +"OWE", "OWL", "OWN", "OX", "PA", "PAD", "PAL", "PAM", +"PAN", "PAP", "PAR", "PAT", "PAW", "PAY", "PEA", "PEG", +"PEN", "PEP", "PER", "PET", "PEW", "PHI", "PI", "PIE", +"PIN", "PIT", "PLY", "PO", "POD", "POE", "POP", "POT", +"POW", "PRO", "PRY", "PUB", "PUG", "PUN", "PUP", "PUT", +"QUO", "RAG", "RAM", "RAN", "RAP", "RAT", "RAW", "RAY", +"REB", "RED", "REP", "RET", "RIB", "RID", "RIG", "RIM", +"RIO", "RIP", "ROB", "ROD", "ROE", "RON", "ROT", "ROW", +"ROY", "RUB", "RUE", "RUG", "RUM", "RUN", "RYE", "SAC", +"SAD", "SAG", "SAL", "SAM", "SAN", "SAP", "SAT", "SAW", +"SAY", "SEA", "SEC", "SEE", "SEN", "SET", "SEW", "SHE", +"SHY", "SIN", "SIP", "SIR", "SIS", "SIT", "SKI", "SKY", +"SLY", "SO", "SOB", "SOD", "SON", "SOP", "SOW", "SOY", +"SPA", "SPY", "SUB", "SUD", "SUE", "SUM", "SUN", "SUP", +"TAB", "TAD", "TAG", "TAN", "TAP", "TAR", "TEA", "TED", +"TEE", "TEN", "THE", "THY", "TIC", "TIE", "TIM", "TIN", +"TIP", "TO", "TOE", "TOG", "TOM", "TON", "TOO", "TOP", +"TOW", "TOY", "TRY", "TUB", "TUG", "TUM", "TUN", "TWO", +"UN", "UP", "US", "USE", "VAN", "VAT", "VET", "VIE", +"WAD", "WAG", "WAR", "WAS", "WAY", "WE", "WEB", "WED", +"WEE", "WET", "WHO", "WHY", "WIN", "WIT", "WOK", "WON", +"WOO", "WOW", "WRY", "WU", "YAM", "YAP", "YAW", "YE", +"YEA", "YES", "YET", "YOU", "ABED", "ABEL", "ABET", "ABLE", +"ABUT", "ACHE", "ACID", "ACME", "ACRE", "ACTA", "ACTS", "ADAM", +"ADDS", "ADEN", "AFAR", "AFRO", "AGEE", "AHEM", "AHOY", "AIDA", +"AIDE", "AIDS", "AIRY", "AJAR", "AKIN", "ALAN", "ALEC", "ALGA", +"ALIA", "ALLY", "ALMA", "ALOE", "ALSO", "ALTO", "ALUM", "ALVA", +"AMEN", "AMES", "AMID", "AMMO", "AMOK", "AMOS", "AMRA", "ANDY", +"ANEW", "ANNA", "ANNE", "ANTE", "ANTI", "AQUA", "ARAB", "ARCH", +"AREA", "ARGO", "ARID", "ARMY", "ARTS", "ARTY", "ASIA", "ASKS", +"ATOM", "AUNT", "AURA", "AUTO", "AVER", "AVID", "AVIS", "AVON", +"AVOW", "AWAY", "AWRY", "BABE", "BABY", "BACH", "BACK", "BADE", +"BAIL", "BAIT", "BAKE", "BALD", "BALE", "BALI", "BALK", "BALL", +"BALM", "BAND", "BANE", "BANG", "BANK", "BARB", "BARD", "BARE", +"BARK", "BARN", "BARR", "BASE", "BASH", "BASK", "BASS", "BATE", +"BATH", "BAWD", "BAWL", "BEAD", "BEAK", "BEAM", "BEAN", "BEAR", +"BEAT", "BEAU", "BECK", "BEEF", "BEEN", "BEER", "BEET", "BELA", +"BELL", "BELT", "BEND", "BENT", "BERG", "BERN", "BERT", "BESS", +"BEST", "BETA", "BETH", "BHOY", "BIAS", "BIDE", "BIEN", "BILE", +"BILK", "BILL", "BIND", "BING", "BIRD", "BITE", "BITS", "BLAB", +"BLAT", "BLED", "BLEW", "BLOB", "BLOC", "BLOT", "BLOW", "BLUE", +"BLUM", "BLUR", "BOAR", "BOAT", "BOCA", "BOCK", "BODE", "BODY", + + + +Haller Standards Track [Page 20] + +RFC 2289 A One-Time Password System February 1998 + + +"BOGY", "BOHR", "BOIL", "BOLD", "BOLO", "BOLT", "BOMB", "BONA", +"BOND", "BONE", "BONG", "BONN", "BONY", "BOOK", "BOOM", "BOON", +"BOOT", "BORE", "BORG", "BORN", "BOSE", "BOSS", "BOTH", "BOUT", +"BOWL", "BOYD", "BRAD", "BRAE", "BRAG", "BRAN", "BRAY", "BRED", +"BREW", "BRIG", "BRIM", "BROW", "BUCK", "BUDD", "BUFF", "BULB", +"BULK", "BULL", "BUNK", "BUNT", "BUOY", "BURG", "BURL", "BURN", +"BURR", "BURT", "BURY", "BUSH", "BUSS", "BUST", "BUSY", "BYTE", +"CADY", "CAFE", "CAGE", "CAIN", "CAKE", "CALF", "CALL", "CALM", +"CAME", "CANE", "CANT", "CARD", "CARE", "CARL", "CARR", "CART", +"CASE", "CASH", "CASK", "CAST", "CAVE", "CEIL", "CELL", "CENT", +"CERN", "CHAD", "CHAR", "CHAT", "CHAW", "CHEF", "CHEN", "CHEW", +"CHIC", "CHIN", "CHOU", "CHOW", "CHUB", "CHUG", "CHUM", "CITE", +"CITY", "CLAD", "CLAM", "CLAN", "CLAW", "CLAY", "CLOD", "CLOG", +"CLOT", "CLUB", "CLUE", "COAL", "COAT", "COCA", "COCK", "COCO", +"CODA", "CODE", "CODY", "COED", "COIL", "COIN", "COKE", "COLA", +"COLD", "COLT", "COMA", "COMB", "COME", "COOK", "COOL", "COON", +"COOT", "CORD", "CORE", "CORK", "CORN", "COST", "COVE", "COWL", +"CRAB", "CRAG", "CRAM", "CRAY", "CREW", "CRIB", "CROW", "CRUD", +"CUBA", "CUBE", "CUFF", "CULL", "CULT", "CUNY", "CURB", "CURD", +"CURE", "CURL", "CURT", "CUTS", "DADE", "DALE", "DAME", "DANA", +"DANE", "DANG", "DANK", "DARE", "DARK", "DARN", "DART", "DASH", +"DATA", "DATE", "DAVE", "DAVY", "DAWN", "DAYS", "DEAD", "DEAF", +"DEAL", "DEAN", "DEAR", "DEBT", "DECK", "DEED", "DEEM", "DEER", +"DEFT", "DEFY", "DELL", "DENT", "DENY", "DESK", "DIAL", "DICE", +"DIED", "DIET", "DIME", "DINE", "DING", "DINT", "DIRE", "DIRT", +"DISC", "DISH", "DISK", "DIVE", "DOCK", "DOES", "DOLE", "DOLL", +"DOLT", "DOME", "DONE", "DOOM", "DOOR", "DORA", "DOSE", "DOTE", +"DOUG", "DOUR", "DOVE", "DOWN", "DRAB", "DRAG", "DRAM", "DRAW", +"DREW", "DRUB", "DRUG", "DRUM", "DUAL", "DUCK", "DUCT", "DUEL", +"DUET", "DUKE", "DULL", "DUMB", "DUNE", "DUNK", "DUSK", "DUST", +"DUTY", "EACH", "EARL", "EARN", "EASE", "EAST", "EASY", "EBEN", +"ECHO", "EDDY", "EDEN", "EDGE", "EDGY", "EDIT", "EDNA", "EGAN", +"ELAN", "ELBA", "ELLA", "ELSE", "EMIL", "EMIT", "EMMA", "ENDS", +"ERIC", "EROS", "EVEN", "EVER", "EVIL", "EYED", "FACE", "FACT", +"FADE", "FAIL", "FAIN", "FAIR", "FAKE", "FALL", "FAME", "FANG", +"FARM", "FAST", "FATE", "FAWN", "FEAR", "FEAT", "FEED", "FEEL", +"FEET", "FELL", "FELT", "FEND", "FERN", "FEST", "FEUD", "FIEF", +"FIGS", "FILE", "FILL", "FILM", "FIND", "FINE", "FINK", "FIRE", +"FIRM", "FISH", "FISK", "FIST", "FITS", "FIVE", "FLAG", "FLAK", +"FLAM", "FLAT", "FLAW", "FLEA", "FLED", "FLEW", "FLIT", "FLOC", +"FLOG", "FLOW", "FLUB", "FLUE", "FOAL", "FOAM", "FOGY", "FOIL", +"FOLD", "FOLK", "FOND", "FONT", "FOOD", "FOOL", "FOOT", "FORD", +"FORE", "FORK", "FORM", "FORT", "FOSS", "FOUL", "FOUR", "FOWL", +"FRAU", "FRAY", "FRED", "FREE", "FRET", "FREY", "FROG", "FROM", +"FUEL", "FULL", "FUME", "FUND", "FUNK", "FURY", "FUSE", "FUSS", +"GAFF", "GAGE", "GAIL", "GAIN", "GAIT", "GALA", "GALE", "GALL", +"GALT", "GAME", "GANG", "GARB", "GARY", "GASH", "GATE", "GAUL", +"GAUR", "GAVE", "GAWK", "GEAR", "GELD", "GENE", "GENT", "GERM", + + + +Haller Standards Track [Page 21] + +RFC 2289 A One-Time Password System February 1998 + + +"GETS", "GIBE", "GIFT", "GILD", "GILL", "GILT", "GINA", "GIRD", +"GIRL", "GIST", "GIVE", "GLAD", "GLEE", "GLEN", "GLIB", "GLOB", +"GLOM", "GLOW", "GLUE", "GLUM", "GLUT", "GOAD", "GOAL", "GOAT", +"GOER", "GOES", "GOLD", "GOLF", "GONE", "GONG", "GOOD", "GOOF", +"GORE", "GORY", "GOSH", "GOUT", "GOWN", "GRAB", "GRAD", "GRAY", +"GREG", "GREW", "GREY", "GRID", "GRIM", "GRIN", "GRIT", "GROW", +"GRUB", "GULF", "GULL", "GUNK", "GURU", "GUSH", "GUST", "GWEN", +"GWYN", "HAAG", "HAAS", "HACK", "HAIL", "HAIR", "HALE", "HALF", +"HALL", "HALO", "HALT", "HAND", "HANG", "HANK", "HANS", "HARD", +"HARK", "HARM", "HART", "HASH", "HAST", "HATE", "HATH", "HAUL", +"HAVE", "HAWK", "HAYS", "HEAD", "HEAL", "HEAR", "HEAT", "HEBE", +"HECK", "HEED", "HEEL", "HEFT", "HELD", "HELL", "HELM", "HERB", +"HERD", "HERE", "HERO", "HERS", "HESS", "HEWN", "HICK", "HIDE", +"HIGH", "HIKE", "HILL", "HILT", "HIND", "HINT", "HIRE", "HISS", +"HIVE", "HOBO", "HOCK", "HOFF", "HOLD", "HOLE", "HOLM", "HOLT", +"HOME", "HONE", "HONK", "HOOD", "HOOF", "HOOK", "HOOT", "HORN", +"HOSE", "HOST", "HOUR", "HOVE", "HOWE", "HOWL", "HOYT", "HUCK", +"HUED", "HUFF", "HUGE", "HUGH", "HUGO", "HULK", "HULL", "HUNK", +"HUNT", "HURD", "HURL", "HURT", "HUSH", "HYDE", "HYMN", "IBIS", +"ICON", "IDEA", "IDLE", "IFFY", "INCA", "INCH", "INTO", "IONS", +"IOTA", "IOWA", "IRIS", "IRMA", "IRON", "ISLE", "ITCH", "ITEM", +"IVAN", "JACK", "JADE", "JAIL", "JAKE", "JANE", "JAVA", "JEAN", +"JEFF", "JERK", "JESS", "JEST", "JIBE", "JILL", "JILT", "JIVE", +"JOAN", "JOBS", "JOCK", "JOEL", "JOEY", "JOHN", "JOIN", "JOKE", +"JOLT", "JOVE", "JUDD", "JUDE", "JUDO", "JUDY", "JUJU", "JUKE", +"JULY", "JUNE", "JUNK", "JUNO", "JURY", "JUST", "JUTE", "KAHN", +"KALE", "KANE", "KANT", "KARL", "KATE", "KEEL", "KEEN", "KENO", +"KENT", "KERN", "KERR", "KEYS", "KICK", "KILL", "KIND", "KING", +"KIRK", "KISS", "KITE", "KLAN", "KNEE", "KNEW", "KNIT", "KNOB", +"KNOT", "KNOW", "KOCH", "KONG", "KUDO", "KURD", "KURT", "KYLE", +"LACE", "LACK", "LACY", "LADY", "LAID", "LAIN", "LAIR", "LAKE", +"LAMB", "LAME", "LAND", "LANE", "LANG", "LARD", "LARK", "LASS", +"LAST", "LATE", "LAUD", "LAVA", "LAWN", "LAWS", "LAYS", "LEAD", +"LEAF", "LEAK", "LEAN", "LEAR", "LEEK", "LEER", "LEFT", "LEND", +"LENS", "LENT", "LEON", "LESK", "LESS", "LEST", "LETS", "LIAR", +"LICE", "LICK", "LIED", "LIEN", "LIES", "LIEU", "LIFE", "LIFT", +"LIKE", "LILA", "LILT", "LILY", "LIMA", "LIMB", "LIME", "LIND", +"LINE", "LINK", "LINT", "LION", "LISA", "LIST", "LIVE", "LOAD", +"LOAF", "LOAM", "LOAN", "LOCK", "LOFT", "LOGE", "LOIS", "LOLA", +"LONE", "LONG", "LOOK", "LOON", "LOOT", "LORD", "LORE", "LOSE", +"LOSS", "LOST", "LOUD", "LOVE", "LOWE", "LUCK", "LUCY", "LUGE", +"LUKE", "LULU", "LUND", "LUNG", "LURA", "LURE", "LURK", "LUSH", +"LUST", "LYLE", "LYNN", "LYON", "LYRA", "MACE", "MADE", "MAGI", +"MAID", "MAIL", "MAIN", "MAKE", "MALE", "MALI", "MALL", "MALT", +"MANA", "MANN", "MANY", "MARC", "MARE", "MARK", "MARS", "MART", +"MARY", "MASH", "MASK", "MASS", "MAST", "MATE", "MATH", "MAUL", +"MAYO", "MEAD", "MEAL", "MEAN", "MEAT", "MEEK", "MEET", "MELD", +"MELT", "MEMO", "MEND", "MENU", "MERT", "MESH", "MESS", "MICE", + + + +Haller Standards Track [Page 22] + +RFC 2289 A One-Time Password System February 1998 + + +"MIKE", "MILD", "MILE", "MILK", "MILL", "MILT", "MIMI", "MIND", +"MINE", "MINI", "MINK", "MINT", "MIRE", "MISS", "MIST", "MITE", +"MITT", "MOAN", "MOAT", "MOCK", "MODE", "MOLD", "MOLE", "MOLL", +"MOLT", "MONA", "MONK", "MONT", "MOOD", "MOON", "MOOR", "MOOT", +"MORE", "MORN", "MORT", "MOSS", "MOST", "MOTH", "MOVE", "MUCH", +"MUCK", "MUDD", "MUFF", "MULE", "MULL", "MURK", "MUSH", "MUST", +"MUTE", "MUTT", "MYRA", "MYTH", "NAGY", "NAIL", "NAIR", "NAME", +"NARY", "NASH", "NAVE", "NAVY", "NEAL", "NEAR", "NEAT", "NECK", +"NEED", "NEIL", "NELL", "NEON", "NERO", "NESS", "NEST", "NEWS", +"NEWT", "NIBS", "NICE", "NICK", "NILE", "NINA", "NINE", "NOAH", +"NODE", "NOEL", "NOLL", "NONE", "NOOK", "NOON", "NORM", "NOSE", +"NOTE", "NOUN", "NOVA", "NUDE", "NULL", "NUMB", "OATH", "OBEY", +"OBOE", "ODIN", "OHIO", "OILY", "OINT", "OKAY", "OLAF", "OLDY", +"OLGA", "OLIN", "OMAN", "OMEN", "OMIT", "ONCE", "ONES", "ONLY", +"ONTO", "ONUS", "ORAL", "ORGY", "OSLO", "OTIS", "OTTO", "OUCH", +"OUST", "OUTS", "OVAL", "OVEN", "OVER", "OWLY", "OWNS", "QUAD", +"QUIT", "QUOD", "RACE", "RACK", "RACY", "RAFT", "RAGE", "RAID", +"RAIL", "RAIN", "RAKE", "RANK", "RANT", "RARE", "RASH", "RATE", +"RAVE", "RAYS", "READ", "REAL", "REAM", "REAR", "RECK", "REED", +"REEF", "REEK", "REEL", "REID", "REIN", "RENA", "REND", "RENT", +"REST", "RICE", "RICH", "RICK", "RIDE", "RIFT", "RILL", "RIME", +"RING", "RINK", "RISE", "RISK", "RITE", "ROAD", "ROAM", "ROAR", +"ROBE", "ROCK", "RODE", "ROIL", "ROLL", "ROME", "ROOD", "ROOF", +"ROOK", "ROOM", "ROOT", "ROSA", "ROSE", "ROSS", "ROSY", "ROTH", +"ROUT", "ROVE", "ROWE", "ROWS", "RUBE", "RUBY", "RUDE", "RUDY", +"RUIN", "RULE", "RUNG", "RUNS", "RUNT", "RUSE", "RUSH", "RUSK", +"RUSS", "RUST", "RUTH", "SACK", "SAFE", "SAGE", "SAID", "SAIL", +"SALE", "SALK", "SALT", "SAME", "SAND", "SANE", "SANG", "SANK", +"SARA", "SAUL", "SAVE", "SAYS", "SCAN", "SCAR", "SCAT", "SCOT", +"SEAL", "SEAM", "SEAR", "SEAT", "SEED", "SEEK", "SEEM", "SEEN", +"SEES", "SELF", "SELL", "SEND", "SENT", "SETS", "SEWN", "SHAG", +"SHAM", "SHAW", "SHAY", "SHED", "SHIM", "SHIN", "SHOD", "SHOE", +"SHOT", "SHOW", "SHUN", "SHUT", "SICK", "SIDE", "SIFT", "SIGH", +"SIGN", "SILK", "SILL", "SILO", "SILT", "SINE", "SING", "SINK", +"SIRE", "SITE", "SITS", "SITU", "SKAT", "SKEW", "SKID", "SKIM", +"SKIN", "SKIT", "SLAB", "SLAM", "SLAT", "SLAY", "SLED", "SLEW", +"SLID", "SLIM", "SLIT", "SLOB", "SLOG", "SLOT", "SLOW", "SLUG", +"SLUM", "SLUR", "SMOG", "SMUG", "SNAG", "SNOB", "SNOW", "SNUB", +"SNUG", "SOAK", "SOAR", "SOCK", "SODA", "SOFA", "SOFT", "SOIL", +"SOLD", "SOME", "SONG", "SOON", "SOOT", "SORE", "SORT", "SOUL", +"SOUR", "SOWN", "STAB", "STAG", "STAN", "STAR", "STAY", "STEM", +"STEW", "STIR", "STOW", "STUB", "STUN", "SUCH", "SUDS", "SUIT", +"SULK", "SUMS", "SUNG", "SUNK", "SURE", "SURF", "SWAB", "SWAG", +"SWAM", "SWAN", "SWAT", "SWAY", "SWIM", "SWUM", "TACK", "TACT", +"TAIL", "TAKE", "TALE", "TALK", "TALL", "TANK", "TASK", "TATE", +"TAUT", "TEAL", "TEAM", "TEAR", "TECH", "TEEM", "TEEN", "TEET", +"TELL", "TEND", "TENT", "TERM", "TERN", "TESS", "TEST", "THAN", +"THAT", "THEE", "THEM", "THEN", "THEY", "THIN", "THIS", "THUD", + + + +Haller Standards Track [Page 23] + +RFC 2289 A One-Time Password System February 1998 + + +"THUG", "TICK", "TIDE", "TIDY", "TIED", "TIER", "TILE", "TILL", +"TILT", "TIME", "TINA", "TINE", "TINT", "TINY", "TIRE", "TOAD", +"TOGO", "TOIL", "TOLD", "TOLL", "TONE", "TONG", "TONY", "TOOK", +"TOOL", "TOOT", "TORE", "TORN", "TOTE", "TOUR", "TOUT", "TOWN", +"TRAG", "TRAM", "TRAY", "TREE", "TREK", "TRIG", "TRIM", "TRIO", +"TROD", "TROT", "TROY", "TRUE", "TUBA", "TUBE", "TUCK", "TUFT", +"TUNA", "TUNE", "TUNG", "TURF", "TURN", "TUSK", "TWIG", "TWIN", +"TWIT", "ULAN", "UNIT", "URGE", "USED", "USER", "USES", "UTAH", +"VAIL", "VAIN", "VALE", "VARY", "VASE", "VAST", "VEAL", "VEDA", +"VEIL", "VEIN", "VEND", "VENT", "VERB", "VERY", "VETO", "VICE", +"VIEW", "VINE", "VISE", "VOID", "VOLT", "VOTE", "WACK", "WADE", +"WAGE", "WAIL", "WAIT", "WAKE", "WALE", "WALK", "WALL", "WALT", +"WAND", "WANE", "WANG", "WANT", "WARD", "WARM", "WARN", "WART", +"WASH", "WAST", "WATS", "WATT", "WAVE", "WAVY", "WAYS", "WEAK", +"WEAL", "WEAN", "WEAR", "WEED", "WEEK", "WEIR", "WELD", "WELL", +"WELT", "WENT", "WERE", "WERT", "WEST", "WHAM", "WHAT", "WHEE", +"WHEN", "WHET", "WHOA", "WHOM", "WICK", "WIFE", "WILD", "WILL", +"WIND", "WINE", "WING", "WINK", "WINO", "WIRE", "WISE", "WISH", +"WITH", "WOLF", "WONT", "WOOD", "WOOL", "WORD", "WORE", "WORK", +"WORM", "WORN", "WOVE", "WRIT", "WYNN", "YALE", "YANG", "YANK", +"YARD", "YARN", "YAWL", "YAWN", "YEAH", "YEAR", "YELL", "YOGA", +"YOKE" }; + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Haller Standards Track [Page 24] + +RFC 2289 A One-Time Password System February 1998 + + +Full Copyright Statement + + Copyright (C) The Internet Society (1998). All Rights Reserved. + + This document and translations of it may be copied and furnished to + others, and derivative works that comment on or otherwise explain it + or assist in its implementation may be prepared, copied, published + and distributed, in whole or in part, without restriction of any + kind, provided that the above copyright notice and this paragraph are + included on all such copies and derivative works. However, this + document itself may not be modified in any way, such as by removing + the copyright notice or references to the Internet Society or other + Internet organizations, except as needed for the purpose of + developing Internet standards in which case the procedures for + copyrights defined in the Internet Standards process must be + followed, or as required to translate it into languages other than + English. + + The limited permissions granted above are perpetual and will not be + revoked by the Internet Society or its successors or assigns. + + This document and the information contained herein is provided on an + "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING + TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING + BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION + HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF + MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + + + + + + + + + + + + + + + + + + + + + + + + +Haller Standards Track [Page 25] + -- cgit v1.2.3