otp: Not as simple as it looks

At first glance otp seems like a rather straightforward password generator.


And there are at least a half-dozen ways to generate random passwords at the Linux console, so why is otp special?

Well, aside from being more flexible in its output than jamming /dev/urandom through tr, or chopping off the output of mcookie, otp has a couple of other cool gimmicks.

For one, it can follow English language conventions, meaning the passwords you get look like chopped up English words.

Not cool enough? How about controlling otp’s seed to pitch the random number generator in a predictable fashion.

“That’s dumb, K.Mandla,” you say. “Why in the world would anyone want predictable passwords?”

Well it does suggest that two people using otp could share passwords without saying them outright to each other, just by knowing the seed and which output to choose. Seed is 33, password is 15, or something James Bond-ish like that.

otp does other stuff too, like uppercase and lowercase passwords, passwords only in numbers, and producing md5 signatures for keys. And you can format its output to your screen dimensions, which would be important if you have long passwords breaking across lines.

otp is one of those programs that’s easy to overlook, and yet is strikingly effective. And oddly enough, this too is in Debian, but not in Arch or AUR. 😕 Archers don’t like the letter O, I guess. …

2 thoughts on “otp: Not as simple as it looks

  1. thisnameisfalse


    generating password lists is only half of the question: you also need to reconfigure authentication system of your box to get a secure password system.

    The most extended system of one-time password authentication is skey/opie implementation, used in some BSD systems, but that can be integrated in Linux.

    See https://www.freebsd.org/doc/handbook/one-time-passwords.html , http://www.fatsquirrel.org/veghead/wot/skey.php and https://wiki.archlinux.org/index.php/S/KEY_Authentication

  2. Pingback: pwgen: Making it up as you go | Inconsolation

Comments are closed.