|
PhoneChallenge - Module that does simple challenge/response using only numbers, for use in phone systems. |
PhoneChallenge - Module that does simple challenge/response using only numbers, for use in phone systems.
This module is a simple challenge/response system for use over the phone. The scheme is that a user is issued a list of indexes and values. When they need to authenticate the system prompts them with an index and they respond with the associated value.
use Authen::PhoneChallenge; my $auth = new Authen::PhoneChallenge($authFile); $auth->set_user($userId); $auth->get_challenge(); ... $auth->check_response($resp);
The authentication file is a simple XML document in the following format:
<users> <user id=``1234''> <token challenge=``1'' response=``1234'' used=``0''/> <token challenge=``2'' response=``3456'' used=``0''/> </user> </users>
Create a new challenge object. Must pass a authentication file name (See FILE FORMAT above)
Set the user ID for all future operations.
Get a challenge for the user. Calling get_challenge will invalidate any outstanding challenges.
Check a response for validity.
No know bugs at this time. If you find one let me know.
BIG SCARY NOTE: This module IS NOT, and WILL NOT be as secure as a real challenge/response/OTP system (like OPIE). It was written only to be slightly more secure than a shared PIN number among users.
Scott Peshak <speshak@randomscrews.net>
Copyright (c) 2007 Scott Peshak All rights reserved.
This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself. See the perlartistic manpage. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
PhoneChallenge - Module that does simple challenge/response using only numbers, for use in phone systems. |