Over a known secure connection, the user establishes an OPIE passphrase, and the sequence counter is initialized to 500.
When logging in remotely, the user is presented with the sequence number.
The user generates the OPIE response by feeding their passphrase through a cryptographic hash N times, where N is the sequence number.
If successful, the user is authenticated, and the sequence number is decremented.
A third-party observer who captures the response for sequence number N can generate the value for N+1 by hashing it once more, but cannot generate the value for N-1, because the hash cannot be run backwards.
For added security, the server appends a random seed.
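
The login sequence above as a runnable sketch (an added example, not OPIE's own code). It assumes SHA-256 as the hash, a seed that is mixed in by prefixing it to the passphrase, and a server that stores the value for N+1 as its verifier; `otp`, `OtpServer` and the sample passphrase and seed are hypothetical names and constructed values.

```python
import hashlib
import hmac


def H(data: bytes) -> bytes:
    """One hash step. SHA-256 is a stand-in chosen for this sketch."""
    return hashlib.sha256(data).digest()


def otp(passphrase: str, seed: str, n: int) -> bytes:
    """Client side: hash seed + passphrase n times (seed mixing is assumed)."""
    value = (seed + passphrase).encode()
    for _ in range(n):
        value = H(value)
    return value


class OtpServer:
    """Hypothetical verifier: keeps the last accepted value, never the passphrase."""

    def __init__(self, passphrase: str, seed: str, start: int = 500):
        # Enrollment happens once, over the known secure connection.
        self.seed = seed
        self.sequence = start
        self.verifier = otp(passphrase, seed, start + 1)

    def challenge(self):
        return self.sequence, self.seed

    def login(self, response: bytes) -> bool:
        if self.sequence < 1:
            return False  # chain exhausted; the user must re-enroll
        if not hmac.compare_digest(H(response), self.verifier):
            return False
        self.verifier = response  # response N becomes the verifier for N-1
        self.sequence -= 1
        return True


if __name__ == "__main__":
    server = OtpServer("constructed passphrase", "ab1234")
    n, seed = server.challenge()
    captured = otp("constructed passphrase", seed, n)  # what an observer sees
    print("login", n, server.login(captured))          # True
    print("replay", server.login(captured))            # False: already used
    print("N+1 derivable", H(captured) == otp("constructed passphrase", seed, n + 1))
    print("next challenge", server.challenge()[0])     # 499
```

A captured response is useless after it has been accepted: the server now expects a value that hashes to it, which only the passphrase holder can produce.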