What is the one-time password system (OTP)?
OTP secures a system against external attacks on its authentication subsystem. OTP does not, however, prevent the wily cracker from eavesdropping on your network and gaining access to sensitive information. That cannot be achieved solely with a firewall, either: network eavesdropping can be prevented only by eliminating the ability to sniff packets where sensitive data passes. OTP also does not protect the organization from `inside jobs' or against active attacks in which the potential intruder is able to intercept and modify the packet stream.
Good password security is part of your first line of defense against system abuse. People trying to gain unauthorized access to your system often try to guess the passwords of legitimate users. Two common and related ways to attack computing systems connected to the Internet are the theft of the system password file and eavesdropping on network connections to obtain the user IDs and passwords of legitimate users.
The one-time password system is designed to counter the capture of user passwords on the network by forcing a user to use a different password each time he or she logs in. This is accomplished by providing the user with a password that is different for each login, whether or not the login attempt is successful. As a result, a captured password cannot be re-used in a replay attack.
How does OTP work?
The typical Unix system presents an unsecured login prompt where the user enters a password. The password is sent in clear text across the local or wide area network, thereby making it easy for a cracker to steal the password.
When the OTP system is in operation, only a single-use password ever crosses the network. This one-time password consists of six English words and therefore is not discernible from an ordinary Unix cleartext password. Whether a multi-use or a single-use password is used, the text is sent in the clear across the network. This means that the text is not private.
OTP works by presenting the user with a challenge. The challenge is a predetermined string of text to which there is only one possible response. OTP makes use of a seed value, an iteration value, and a secret pass phrase that is known only to the user. The challenge is composed of the seed value and the iteration value. The response to the challenge is generated using a special program called a calculator on the user's workstation. Using the seed and iteration values, along with the user's secret pass phrase, the calculator produces the response to the challenge. The user's secret pass phrase never crosses the network at any time, including during login or when executing other commands requiring authentication.
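The challenge/response mechanism described above, written out as a small working model. This is an added example, not code from the original page or from any OTP implementation: it uses SHA-256 truncated to 64 bits as the chain step and prints responses as hex, whereas RFC 2289 folds MD4/MD5/SHA-1 to 64 bits and encodes the result as six dictionary words. The seed, pass phrase and iteration count are constructed sample values. What it shows is the part that matters for the security argument: the server keeps only the top of a one-way hash chain, the pass phrase never leaves the calculator, and a response that has already been accepted is rejected if replayed.

```python
import hashlib
from dataclasses import dataclass

# Simplified S/Key-style one-time password chain (illustration, not RFC 2289
# compliant). The structure is the real one: a seed, an iteration count, a
# secret pass phrase known only to the user, a one-way chain computed from
# them, and a server that stores only the most recently accepted value.


def chain_step(data: bytes) -> bytes:
    """One link of the one-way chain: a 64-bit digest of the input.
    (Assumption: SHA-256 truncated; RFC 2289 folds MD4/MD5/SHA-1 instead.)"""
    return hashlib.sha256(data).digest()[:8]


def compute_response(seed: str, passphrase: str, iteration: int) -> str:
    """What the user's calculator produces for the challenge (iteration, seed).

    Only the returned hex string is typed at the login prompt; the pass phrase
    stays on the workstation.
    """
    value = chain_step((seed.lower() + passphrase).encode("utf-8"))
    for _ in range(iteration):
        value = chain_step(value)
    return value.hex()


@dataclass
class OtpRecord:
    """Server-side state for one user: no pass phrase is ever stored."""
    seed: str
    sequence: int   # iteration count of the stored value
    last_hash: str  # hex of the chain value at that iteration


def enroll(seed: str, passphrase: str, sequence: int) -> OtpRecord:
    """Initial enrolment: the server keeps the top of the chain only."""
    return OtpRecord(seed, sequence, compute_response(seed, passphrase, sequence))


def challenge(record: OtpRecord) -> str:
    """Challenge string shown at login: the iteration to compute and the seed."""
    return f"otp-sha256 {record.sequence - 1} {record.seed}"


def verify(record: OtpRecord, response_hex: str) -> bool:
    """Server-side check: hashing the offered response once must give the stored value.

    On success the offered response becomes the stored value and the sequence
    number drops by one, so the same response can never be accepted again.
    """
    if record.sequence <= 0:
        return False  # chain exhausted: user must re-enrol with a new seed
    response_hex = response_hex.strip().lower()
    try:
        offered = bytes.fromhex(response_hex)
    except ValueError:
        return False
    if len(offered) != 8:
        return False
    if chain_step(offered).hex() != record.last_hash:
        return False
    record.last_hash = response_hex
    record.sequence -= 1
    return True


def demo():
    """Walk through enrolment, a login, a replay of the same response, and the next login."""
    # Constructed sample values, not from any real system.
    seed, passphrase = "ke1234", "correct horse battery staple"
    rec = enroll(seed, passphrase, sequence=99)
    chal = challenge(rec)                                  # "otp-sha256 98 ke1234"
    iteration = int(chal.split()[1])
    resp = compute_response(seed, passphrase, iteration)   # done on the workstation
    first = verify(rec, resp)                              # accepted
    replay = verify(rec, resp)                             # same password again: rejected
    second = verify(rec, compute_response(seed, passphrase, 97))  # next in the chain: accepted
    return first, replay, second, rec.sequence


if __name__ == "__main__":
    print(demo())
```

Note that an eavesdropper who captures the response learns nothing usable: the next expected value is one chain step lower, and walking the chain backwards requires inverting the hash. What the model does not defend against, just as the text says, is an active attacker who intercepts the live session after authentication.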