Secure authentication - OTP? Token?
 

Hello,

I'm interested in experimenting with secure authentication methods - specifically, one-time passwords and/or hardware tokens.

As to OTP, I've seen OPIE but don't like the idea of hard-printing a list of passwords, and am not very interested in running an OPIE generator on my Palm-based smartphone - an inherently insecure device. I've considered the idea of building a small microcontroller-based unit to either generate OPIE passwords or, more realistically (due to the capabilities of these units) store a pre-generated list.

More to the point, I really like the idea of a hardware password generator like the SecurID or SafeWord card, but don't have the budget for their server software. Does anyone know of a hardware solution which can be paired with an F/OSS server, or a PAM module?

I am too interested in any hardware implementations of open source OTP -- possibly an SKEY fob. Haven't seen or heard of any other than the popular SecurID.

Any Ideas?

secure computing make one called safeword. It implentments one-time passwords and each keyfob requires a pin number.

I'm familiar with SafeWord cards - I actually have 3 from various machines at various jobs.

Unfortunately, I know that their infrastructure is quite expensive. I was looking for something that I could reasonably use for 3 users on a development network - essentially dirt cheap.