Passgen for Windows
Protecting systems using One-Time Passwords
Introduction
PassGen is a toolkit to generate one-time passwords.
A One-Time Password is a password that is used only once. It can be used to
authenticate users in a secure manner across insecure networks as once the
password is used it can never be used again.
What does this toolkit consist of?
- C++ Classes to help you use the IBM Security Server (RACF) Passticket interface
- C++ Classes to help you use the S/Key interface
- Visual Basic interface to help you use the IBM Security Server Passticket interface
- Visual Basic interface to help you use the S/Key interface
- C interface to help you use the IBM Security Server Passticket Interface
- C interface to help you use the S/Key Passticket Interface
- A key storage facility (The Keystore) that stores your keys in an encrypted manner.
- Sample Visual Basic Application
- Sample C++ Application
- User Interface Applications
- Command Line Interface (CLI).
The CLI provides generation and keystore management functions.
The Keystore
To provide secure storage PassGen provides an encrypted database called a Keystore. A Password is required to encrypt and decrypt data in this database.User Interface application
This application provides users immediate access to the toolkit with an application that can be used to store keys and generate One-Time Passwords. Users can try this technology easily and quickly by generating a password and then using cut-and-paste to input it into an application.
PassGen provides two one-time password systems in one convenient Windows application :
- The IETF One Time Password Standard - S/KEY (RFC 1760). Most UNIX and Firewall systems provide support for this standard.
- IBM Security Server ( RACF™ ) Passticket algorithm available in RACF, CA-ACF2 and CA Top-Secret. This provides secure logon to IBM Mainframe systems. The Passticket can be used as a direct replacement for static Passwords, no changes are required to your existing applications.
Applications can use the Passticket algorithm or S/KEY with a variety of programming interfaces including :
- ActiveX - for use with Visual Basic, Delphi
- COM - for use with IIS and user applications
- C/C++ interfaces for user applications
- Java Native Interface ( JNI ) under Windows allows systems such as WebSphere and Tomcat to access the PassTicket algorithm
For systems with no One Time password support PassGen also provides encrypted password storage.
Key Benefits
- Easily generate single use IBM Security Server Passtickets in your applications
- Easily generate S/Key one time passwords.
- Prevents Passwords from being intercepted on LAN and WAN
- Provides secure storage for One-Time Password keys
- Quick start with a supplied sample Passticket application
Technical Requirements
| Supported Platforms | Supported Security Systems |
| Windows 95/98 Windows NT Windows 2000 Windows 2003 |
IBM Security Server ( RACF ) 1.9 or above Computer Associates Top-Secret 5.1 or above Computer Associates ACF/2 6.1 or above Any S/KEY (RFC 1760) compliant system such as UNIX or Firewalls |