A USB dongle for one-time passwords


The benefits of OpenKubus include portability and the ability to customize hardware without breaking the bank. The drawback is that the stick and all the servers need to synchronize the serial number. If you need to authenticate against multiple servers, you will need a central server. Tools for managing OpenKubus in larger environments with large numbers of users are still rudimentary.

OpenKubus will not protect you against man-in-the-middle attacks [8]. The service you are calling has to demonstrate authenticity separately. However, the project is an exciting platform for any administrator interested in experimenting.


  1. "One-Time Passwords" by Udo Seidel, Linux Magazine, November 2008, pg. 22
  2. USBprog wiring diagram: http://www.embedded-projects.net/usbprog
  3. Shop for OpenKubus hardware: http://shop.embedded-projects.net
  4. OpenKubus: http://code.google.com/p/openkubus (in German)
  5. Installation notes on AVR-GCC: http://www.nongnu.org/avr-libc/user-manual/install_tools.html
  6. PAM configuration syntax: http://kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-configuration-file.html
  7. Wrapper Generator SWIG: http://www.swig.org/
  8. Man-in-the-middle attacks: http://en.wikipedia.org/wiki/Man-in-the-middle_attack

The Author

Benedikt Sauter and Michael Hartmann are both interested in open source and hardware tinkering. The authors both work on customizing embedded devices for the OpenKubus project.

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • One-Time Passwords

    A one-time password won't compromise security if it falls in the wrong hands. OPIE and OTPW bring the safety of one-time password security to Linux.

  • Password Management Services Vulnerable to Attack

    Should you trust an online service to store your online passwords?

  • Security Lessons: Hacking Hardware

    Now that your networks are secure and you’ve convinced your users to secure their passwords and software, it’s time to turn your attention to your hardware to keep it from being attacked.

  • Smart Access Intro

    Maybe password security isn't perfect, but most networks depend on it. This month we examine some tools for smarter, more versatile authentication.

  • Ask Klaus!

    Klaus Knopper is the creator of Knoppix and co-founder of the LinuxTag expo. He currently works as a teacher, programmer, and consultant. If you have a configuration problem, or if you just want to learn more about how Linux works, send your questions to: klaus@linux-magazine.com

comments powered by Disqus

Direct Download

Read full article as PDF: