rollpwd

README

rollpwd - dynamic password generator

This project generates a time (hour) dependent password for a given username and site combination. The use case is access to an embedded system which may have no or sporadic network connectivity and thus unable to synchronize the time with any standard time source. The intent is that the password generation is controlled and the generated password is shared at the time of usage with the user.

Practical applications include a field team visiting a customer site; the password generation is available through a website, accessible by the field team; the embedded device has this utility authenticate it.

Challenges

The variation in the microprocessor clocks usually manifests as drifting time of day clocks. Due to such a drift, a time dependent password will fail under some border conditions. For a low to medium security requirement, the verification can be tolerant to some drift by generating passwords for 3 scenarios - the clock has drifted ahead, behind or not. The supplied password is accepted if it matches one of these 3. When the drift is < 1 hour then, there are only 2 unique passwords.

Usage

The utility can be used to generate a password for a username for the specified host. The utility can also be used to authenticate the user on the host.

    ../bin/rollpwd --help
    Usage of ../bin/rollpwd:
        --authenticate string   authenticate this password
        --verbose               high verbosity

Examples

    $ date
    Wed Nov 27 20:36:22 EST 2019
    $ ../bin/rollpwd rs@toprllc.com
    2019/11/27 20:36:40 6c9f049218bd63f40610badeb396eb50

    $ date
    Wed Nov 27 20:37:32 EST 2019
    $ ../bin/rollpwd rs@toprllc.com --authenticate 6c9f049218bd63f40610badeb396eb50
    2019/11/27 20:37:55 Authenticated

    $ ../bin/rollpwd rs@toprllc.com --authenticate 7d9f049218bd63f40610badeb396eb50
    2019/11/27 20:39:50 Not authenticated