2012/12/13

Perfect Paper Passwords in go

For those of you who don't know what perfect paper passwords are, it's an algorithm developed by Steve Gibson http://www.grc.com/ppp that generates a set of unique single-use passwords perfect for two factor authentication.

Why two-factor authentication?

Since usernames and passwords never changes it is a potential security issue and leaves the site vulnerable to abuse if these are broken. Two factor authentication on the other hand takes authentication another step in that it requires both something you know (username/password) as well as something you have (perfect paper passwords). The site keeps track on which passcode number you're currently atand on login asks for the next in the sequence. This prevents brute force attacks against login forms on sites as well as trying common passwords.

My Go implementation of this algorithm is a port of John Graham-Cumming's C implementation which can be found on http://bitbucket.org/jzs/ppp.


blog comments powered by Disqus