Your best friend for file transfer.

Fetch application logoFetch

OTP Words/Hex switching (4 posts)

This is an archived topic. The information in it is likely to be out-of-date and no longer applicable to current versions of Fetch.
  • Started 23 years ago by rinopo
  • Latest reply 23 years ago from Jim Matthews
  • rinopo Member

    I'm having trouble with Fetch 3.03's OTP support.
    I get "Login incorrect" with the right ID/password (when I try to FTP on a Windows client, it does work).

    The content of the Fetch Transcript window become like this:

    Connecting to otp.****.edu port 21 (01.03.14 02:20:06)
    220 otp.****.edu FTP server (Version 4.120 1999) ready.
    331 s/key 95 ot89816
    Generated S/Key Response: 9F0AAF7B433D7169
    530 Login incorrect.

    I'm guessing that the "Generated S/Key Response" should be something like "RISE OUCH FAST BUCK BRAD WART" instead of "9F0AAF7B433D7169."

    Is it possible to switch the resulted passphrase that Fetch computes from Hex values to words?


    Posted 23 years ago #

  • Jim Matthews Administrator

    The server should accept either hex or words; my guess is that Fetch is sending the wrong hex. Could you try Fetch 4.0b6? It fixes a bug in 3.0.3's S/Key handling.

    Jim Matthews
    Fetch Softworks

    Posted 23 years ago #

  • rinopo Member

    Thank you for your advise!

    Now I see what was the real problem, I guess.
    My FTP server requests the password calculated with MD5 algorithm, and Fetch (both 3.03 & 4.0b6) sends MD4 result.

    I've come to this conclusion by comparing the result of my OPIE calculator and the Fetch response.

    Is this problem solvable, or do I have to use the "***CHALLENGE***" method?

    thanks again.

    Posted 23 years ago #

  • Jim Matthews Administrator

    I believe that the S/Key standard calls for using MD4 (and that if you want to use MD5 you should use OTP, S/Key's successor). I could think about a preference to have Fetch use MD5 rather than MD4.

    Posted 23 years ago #

Topic closed

This topic has been closed.