SkeyCalc.app A Graphical S/Key Response Calculator for NEXTSTEP by Colin Henein Current Release Summary ----------------------- Version: 1.1 Release: September 21, 1997 Distribution Point: http://www.consecol.org:80/~cmh/SkeyCalc/ Features: - Runs as a service, or as an application - Auto-selection of MD4 or MD5 based encryption based on input (Note: SHA is not supported in this release). - Does some very smart searching through input text looking for challenges so you can be sloppy about selecting more text than you need. Even works with select all in most cases! - Saves which encryption engine you like to use as a dwrite - Doesn't save your password, or do anything intelligent at all in this regard User Information ---------------- SkeyCalc is now shareware software. Although, of course, version 1.0 was free, I'd appreciate your being honourable and registering 1.1 if you really use the software, rather than continuing to run 1.0. Of course, if you don't have 1.0, you have no options. Regardless, if you use 1.1 for more than 30 days you must register. Registration fees are resonable, and academic users receive significant discounts. To use this program, install the package into your /LocalApps directory, or the Apps directory in your home directory. You can -- of course -- install it somewhere else, but it will not likely present itself as a service if you do. This program is usually launched as a service by selecting the challenge text in Terminal or Stuart or wherever, then selecting "SKey Response" from the services menu. If you select the otp-xxx portion of the challenge text, the program will select the correct encryption algorithm automatically. If you don't select the otp-xxx portion, you will need to select the engine manually, although the software will remember your preference for next time. Regardless, the challenge is automatically copied into the challenge portion of the window, and the cursor is positioned in the password field, ready for you to type your password. Since the key is the shortcut for the actual calculation, this is really quite fast. The correct response is calculated, then this response is "copied" automatically onto the clipboard. The calculator exits automatically, and you may then use the "paste" menu option (or hot key) to paste the response in the appropriate application. If you don't want to use the services menu, you may double-click the SkeyCalc.app program itself and either type the challenge into the challenge field, or copy and paste it. Then, type your password into the password field, optionally select an encryption engine, then press or click the "Calc & Copy" button. Intelligent searching --------------------- - SkeyCalc will search your input for valid challenges and discard any extraneous data, including newlines, and other text. This is particularly useful when running the program as a service. You can triple-click the challenge line, even if it contains other text, then select the services menu option. In fact, you can select whole screens of data, or be sloppy with the mouse and select a few lines. S/Key is a pain, so even these little details can make a calculator much easier to use. - Tip: You can even go as far as using the "select all" menu option to select all the text in your terminal buffer before pasting. Since SkeyCalc uses the last match, this even works if there is a previous challenge higher in the buffer. Of course, if there is a significant amount of data in the buffer SkeyCalc will take a bit more time to locate the pattern. Changes with 1.1 release ------------------------ Auto-sense of encryption type added: SkeyCalc always required that the user manually select the encryption engine. Since RFC-1938 compliant challenges contain an "otp-xxx" selection phrase there didn't seem to be any good reason for this, except that I didn't write the code. This has now been fixed. SkeyCalc will remember the last algorithm that you manually select, but it will be temporarily overridden with the otp-xxx string from the input, if present. This makes us fully compliant with the RFC. Better searching for challenge strings: Previously SkeyCalc required the user to select only the challenge when forming the request. Now, it searches through its input for the last challenge matching the pattern "otp-xxx ### xxxxxxx", allowing the user to select any amount of text containing the query. If that pattern is not found, SkeyCalc will use the user's default encryption engine choice, together with the last occurence of the a string matching the "### xxxxxxx" pattern, which is popular for some servers who aren't strictly compliant with the RFC-1938 specification. This usually works even with selecting whole buffers of text with 'Select All', meaning that if you assign a shortcut for SkeyCalc, you have only to type cmd-a, cmd-?, your password, enter and cmd-v, thats 4 keys, plus the length of your password. Not too shabby... Replace mode removed: It used to be that SkeyCalc offered two services, one to compute a challenge reponse and then put it into the pastebuffer (Copy Response), and the other to attempt to insert the response directly into the original application (Replace with Response). It was found that no useful applications allowed the Replace with Response service. Moreover, that feature was a big hack since NEXTSTEP really doesn't support interactive replacement services. SHA Encryption still not present: Ok, so this isn't a change. I just wanted to comment that the code for SkeyCalc has been entirely rewritten to facilitate my adding of other encryption systems, including SHA. I even have some SHA calculating code. Unfortunately this code seems to give different results on different platforms. I've decided not to delay the release of this version any further, but a version 1.2 supporting SHA encryption is in the works. Source Code, Disclaimer, License and Credits -------------------------------------------- Source code to SkeyCalc is not available because it is copyrighted software. The encryption and S/Key calculation portions of the program, however, are contained in the OPIE library from NRL. Further copyright attribution and license information is located within the program under the "Registration..." menu item. I'm prepared to answer questions about the implementation, and am willing to discuss individual copies of source code for inspection purposes, although I'm not really keen on this. SkeyCalc and this document are copyright (C)1997 Colin Henein.