aboutsummaryrefslogtreecommitdiffstats
path: root/security/donkey/pkg-descr
blob: fccfc212674c5ea1ad3cb4908f794e753682248f (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
---- From 00readme (slightly modified) ----

<What's Donkey?>

Donkey is an alternative for S/KEY's "key" command. The new feature that
the original key doesn't have is print an entry for skeykeys as
follows;

    kazu 0099 al02004          115d83956f1089b6  Apr 26,1995 22:13:27

This means that donkey is also an alternative for "keyinit". Since the
entry is printed to stdout (not to /etc/skeykeys), you can easily send
it to remote operator by e-mail (with PGP signature or something). So,
it is possible to initiate S/KEY without logging in from the console of the
host.

The name "Donkey" is an acronym of "Don't Key".

<How to use Donkey>

(1) Calculate a One-Time-Password.

Execute Donkey with sequence and seed, then input your passphrase.

The -f option allows you to choose hash function from MD2, MD4, and MD5.

The default hash function is MD4 due to the historical reason.

(2) Calculate multiple One-Time-Passwords at once.

Use -n option.

Note that although "Enter passphrase" is printed out to stderr,
One-Time-Passwords go to stdout. So, you can redirect the output
safely.

(3) Print skeykeys entry.

Use -i option without argments. Then, enter login name, sequence and
seed. If you like default value, just type RET. Input your passphrase
twice to get the entry.

<Copyright>

Donkey conforms GNU GENERAL PUBLIC LICENSE Version 2 and is
    Copyright (C) 1995 Kazuhiko Yamamoto 
     <kazu@is.aist-nara.ac.jp>