otpsock - One-Time Password calculator Windows Sockets
             Version 0.2.5 Jan 12, 1999
             Copyright (C) 1996-1999 NEC Corporation
             All rights reserved.


Table of contents
  1. Description
  2. Disclaimer
  3. Distribution package
  4. Features
  5. Installation
  6. Usage
  7. Explanation of the Mode
  8. Other features
  9. TTXOTP
  10. Notice
  11. Bug reports, suggestions, ...


1. Description
  Otpsock is a 32bit Windows Sockets DLL which includes a one-time password
  calculator.

  Otpsock scans all the received data from a remote host to find a challenge.
  When it finds one, it displays a passphrase input dialog, calculates a
  one-time password from the passphrase and send it to the remote host. To
  login a remote host, you only need to input a passphrase.

  You can use S/KEY and OPIE systems with Web Browsers and FTP applications as
  well as terminal applications.


2. Disclaimer
  1. This software may be used without fee.
  2. NEC Corporation accepts no responsibility for damages resulting from
     the use of this software and makes no warranty.
  3. You must not sell a software package which includes this software package.
  4. You can redistribute this package as long as you don't modify any of files
     in this package and you deliver all the files in this package.


3. Distribution package
  These files are included in this distribution package.
    o wsock32.dll   otpsock program file
    o ttxotp.dll    TeraTerm Extension Module
    o readme.txt    Release Note (English)
    o readme-j.txt  Release Note (Japanese)
    o src.zip       source files of otpsock
    o sampreg.zip   Sample of registories


4. Features
  o RFC 1760, 2289 compliant
  o Challenge message formats of S/KEY for BSD/OS are available.
  o A small passphrase input dialog pops up automatically
  o Selects a hash function, a sequence number and a seed automatically
  o Sends a one-time password to the server automatically
  o Makes any applications possible to use S/KEY and OPIE systems.
  o A warning message pops up if the sequence number is equal to
    20, 10, 5, 4, 3, 2, 1 or 0.


5. Installation
  1. Install an application to be used with otpsock in a directory.

  2. Copy wsock32.dll(otpsock) in the directory in which the executable file
     exists.

  3. Change the registory as follows
     Key:
        - For Windows 95 (if you use Windows95 B or later, you needn't change.)
            HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP
            \ServiceProvider
        - For Windows NT 3.5x
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip
            \ServiceProvider
     Name:  ProviderPath (REG_SZ)
     Value: wsock32.dll


6. Usage
  1. When a passphrase input dialog pops up, you input your passphrase.


7. Explanation of the Modes
  There are two modes.
    TELNET mode : Sends a one-time password with CRLF immediately
    FTP mode    : Sends "PASS <one-time password>CRLF" later
  You can change the mode on the passphrase input dialog.
  If 'T' is checked, TELNET mode is set.


8. Other features
  o Using with dotkey95
      A one-time password calculation is made on the dotkey95. This means
      that memory cache of passphrase of dotkey95 can be used.
  o Using with stelsock
      Rename wsock32.dll of stelsock to ws_otp.dll and copy it in the directory
      in which wsock32.dll of otpsock exists.
  o Using with Hummingbird Socks V4 Winsock
      Rename wsock32.dll of Socks Winsock to ws_otp.dll and wsock32.dll of
      original Winsock to wsock32o.dll. And copy both files in the directory
      in which wsock32.dll of otpsock exists.
  o Calculating s/key as MD5
      Set the value of the "bSKeyMD5" (REG_DWORD) on the HKEY_CURRENT_USER\
      Software\NEC\WinSock\otpsock key to a non-zero.
  o Setting user definition of challenge patterns
      Make REG_DWORD type values on the HKEY_CURRENT_USER\Software\NEC\WinSock\
      otpsock\keywords. Use the challenge pattern as a name of the value and
      set the value to 1(MD4), 2(MD5) or 3(SHA1).
      ex.) Challenge: "OTPMD5 222 aaaaa"  --> ValName: "OTPMD5"
                                              value:   2
  o Setting user deginition of the end of a challenge pattern
      Set the value of the "ChallengeEnd" (REG_SZ) on the HKEY_CURRENT_USER\
      Software\NEC\WinSock\otpsock key to a challenge end pattern.
      ex.) Challenge: "s/key 222 End_Of_Seed]]]" --> ValName: "ChallengeEnd"
                                                     value:   "End_Of_Seed"


9. TTXOTP (OTPSOCK for TeraTerm Extension)
  TTXOTP is a one-time password calculator module for TeraTerm Pro
  <http://hp.vector.co.jp/authors/VA002416/teraterm.html>.
  The functions are the same as the WinSock version of OTPSOCK.

  o Installation
    1. Install TeraTerm Pro ver.2.3 or later.

    2. Copy ttxotp.dll in the directory in which TeraTerm was installed.

    3. Set the environment variable, "TERATERM_EXTENSTIONS", to 1.
       - For Windows95 or Windows98
         Add "set TERATERM_EXTENSIONS=1" to c:\autoexec.bat.

    4. If the WinSock version of OTPSOCK has been installed, remove the
       wsock32.dll (otpsock).


10. Notice
  o Give a special care to re-register of a sequence number and a seed.


11. Bug reports, suggestions, ...
  Please let me know, if you find any bugs or have any suggestions.
  E-Mail: pochi@ccs.mt.nec.co.jp


Master site:
  <http://tama.gate.nec.co.jp/so/>
  <ftp://ftp.nec.co.jp/pub/packages/sotools/>
Mirror sites:
  <ftp://ftp.win.ne.jp/pub/network/security/sotools/>
  <ftp://starbow.st.ryukoku.ac.jp/pub/security/tool/sotools/>


S/KEY is a trademark of Bellcore.
MD4 and MD5 are trademarks of RSA Data Security, Inc.
Windows and WindowsNT are registered trademarks of Microsoft Corporation.