Cartman is a PAM authentication module which implements a challenge-and-response method for login. The server issues a challenge, which the user must enter into a response generator application. I have written Blackberry, C, and Java (Applet) response generator applications. A login would look like this:
hellfish login: bkg Challenge: 3847HJD752DASJ23J3242J Response: LKJ879JHG76HGF65HF657H
Cartman uses 128-bit MD5-hashed keys, or optional 64 or truncated 32-bit ones for easier data entry. (Keys are base-32 encoded for dislplay/entry). Multiple modules can be registered to allow the user to use a smaller key:
hellfish login: bkg Challenge: 3847HJD752DASJ23J3242J Response: Challenge: 3847HJD752 Response: Challenge: 3847 Response: LKJ8
The main advantage to this, is that anyone sniffing your keystrokes cannot break into your system, as each successive login attempt will be greeted with a new challenge.
I will be releasing the code GPL whenever I get around to it. In the meantime, if your intestested in it, write me: brad-at-thisdomain.
See the Java Response Generator