One-Time Password (OTP) Generator for Microsoft Windows 95 and NT

WinKey is a one-time password (OTP) generator for the one-time password
system described in RFC 1938.  It is based on the opiekey program from NRL's 
OPIE 2.x distribution, with enhancements for a graphical user interface.  
The goal of this generator is to minimize the number of extra steps
involved in challenge/response OTP authentication.

To use, type the OTP challenge in the "Challenge" field (or paste it with
<Ctrl-V>).  This should include an optional algorithm specifier ("otp-md4" 
or "otp-md5"), followed by a space and a positive integer sequence number, 
followed by a space and a seed string.  Then type the secret key into the 
"Password" field and hit <Enter> (or press the "Compute" button) to generate 
the OTP in the "Response" field.  You can then copy the response value with 
<Ctrl-C> or use the Auto Copy option described below.

The Options screen allows for selection of a default hash algorithm (if one
is not specified in the challenge) and some user preferences.  The MD4 
algorithm is used by S/Key; both MD4 and MD5 are supported by OPIE.  The 
"Auto Paste Challenge" option will check the clipboard for a text string 
that looks like an OTP challenge and automatically paste it into the 
"Challenge" field when the window is activated.  The "Auto Copy Response" 
option will automatically copy the "Response" field into the clipboard after 
each computation.  The "Auto Decrement Sequence" option will automatically 
decrement the sequence number in the "Challenge" field after each 
computation.  The "Auto Clear Password" option will clear the password from
the "Password" field and from memory after each computation.  The "Append
CR LF to Response" option will append an end-of-line sequence to the end of 
the response string.  The "Save" button will save the options to the system
registry under the key "HKEY_CURRENT_USER\Software\Technologic\WINKEY".  The 
"Apply" button will set the options without writing to the registry.

I developed this software with Microsoft Visual C++ version 4.0 Standard
Edition.  The source code is provided.  You will need MSVCRT40.DLL, MFC40.DLL,
and CTL3D32.DLL in order to use WinKey.  You can download all three from:
ftp://ftp.tlogic.com/pub/skey/msvc.zip.  DON'T install these on your machine
unless you do not have them or are sure that you have older versions.  I am
currently working on a DLL version that can be used by terminal and ftp clients
to easily integrate OTP support.

The NRL OPIE copyright notice is contained in the file "COPYRIGHT.NRL".

Please send comments and suggestions to David Aylesworth <dave@tlogic.com>.

David Aylesworth
Technologic, Inc.
http://www.tlogic.com/
