securenet - Digital Pathways SecureNet Key remote authentication box
The SecureNet box is used to authenticate connections to Plan 9 from a
foreign system such as a Unix machine or plain terminal. The box,
which looks like a calculator, performs DES encryption with a key held
in its memory. Another copy of the key is kept on the authentication
server. Each box is protected from unauthorized use by a four digit
When the system requires SecureNet authentication, it prompts with a
numerical challenge. The response is compared to one generated with
the key stored on the authentication server. Respond as follows:
Turn on the box and enter your PIN at the EP prompt, followed by the
ENT button. Enter the challenge at Ed prompt, again followed ENT.
Then type to Plan 9 the response generated by the box. If you make a
mistake at any time, reset the box by pressing ON. The authentication
server compares the response generated by the box to one computed
internally. If they match, the user is accepted.
The box will lose its memory if given the wrong PIN five times in suc-
cession or if its batteries are removed.
To reprogram it, type a 4 at the E0 prompt.
At the E1 prompt, enter your key, which consists of eight three-digit
octal numbers. While you are entering these digits, the box displays a
number ranging from 1 to 8 on the left side of the display. This num-
ber corresponds to the octal number you are entering, and changes when
you enter the first digit of the next number.
When you are done entering your key, press ENT twice.
At the E2 prompt, enter a PIN for the box.
After you confirm by retyping the PIN at the E3 prompt, you can use the
box as normal.
You can change the PIN using the following procedure. First, turn on
the box and enter your current PIN at the EP prompt. Press ENT three
times; this will return you to the EP prompt. Enter your PIN again,
followed by ENT; you should see a Ed prompt with a - on the right side
of the display. Enter a 0 and press ENT. You should see the E2
prompt; follow the instructions above for entering a PIN.
The SecureNet box performs the same encryption as the netcrypt routine
(see encrypt(2)). The entered challenge, a decimal number between 0
and 100000, is treated as a text string with trailing binary zero fill
to 8 bytes. These 8 bytes are encrypted with the DES algorithm. The
first four bytes are printed on the display as hexadecimal numbers.
However, when set up as described, the box does not print hexadecimal
digits greater than 9. Instead, it prints a 2 for an A, B, or C, and a
3 for a D, E, or F. If a 5 rather than a 4 is entered at the E0 print,
the hexadecimal digits are printed. This is not recommended, as let-
ters are too easily confused with digits on the SecureNet display.
Digital Pathways, Mountain View, California
The box is too clumsy. If carried in a pocket, it can turn itself on
and wear out the batteries.