Archive for November, 2010

Nov 27 2010

TOTP and Feitian c200 integrated into OTPD

Published by admin under Computer

A beta preview of the TOTP algorithm has been implemented in OTPD, the Open Source OTP daemon I maintain. Aside from TOTP, the Feitian c200 hardware token is also supported. Apparently it should be compliant with the TOTP standard, and it somehow is, except for the fact that the time seems rounded to the next minute.

The TOTP daemon has also been tested with the OATH Token for iPhone, and it’s fully compliant. You’re more than welcome to report hardware and/or software tokens that work with it.

If you wish, you can check out the sources from Google’s SVN; full instructions are available in the project’s “source” section.
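An added example (not OTPD's code) of how a verifier can account for a token whose time is rounded up to the next minute: it generates codes per RFC 4226/6238 and compares strict floor-based verification with a round-up counter. The 60-second step, the ceiling reading of "rounded to the next minute", and the names `time_counter` and `verify` are assumptions; the key is the RFC 4226 test key and the timestamp is constructed.

```python
import hashlib
import hmac
import struct

def hotp(key, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def time_counter(unix_time, step=30, round_up=False):
    """RFC 6238 uses floor(t / step). round_up models a token that rounds
    the time up to the next step boundary (assumed behaviour)."""
    if round_up:
        return -(-unix_time // step)             # ceiling division
    return unix_time // step

def verify(key, code, unix_time, step=30, round_up=False, window=0, digits=6):
    """Return the step offset at which `code` verifies, or None.
    `window` is the number of steps of drift accepted on either side."""
    base = time_counter(unix_time, step, round_up)
    for offset in sorted(range(-window, window + 1), key=abs):
        counter = base + offset
        if counter >= 0 and hmac.compare_digest(hotp(key, counter, digits), code):
            return offset
    return None

if __name__ == "__main__":
    key = b"12345678901234567890"                # RFC 4226 test key
    now = 90                                     # constructed timestamp
    # Token that rounds up to the next minute: counter = ceil(90 / 60) = 2
    token_code = hotp(key, time_counter(now, 60, round_up=True))
    # Strict floor-based check rejects it (server counter is 1).
    print("strict floor, window 0:", verify(key, token_code, now, step=60))
    # A drift window accepts it, but only as "one step ahead".
    print("floor, window 1:", verify(key, token_code, now, step=60, window=1))
    # Modelling the round-up explicitly matches with no drift allowance.
    print("round-up, window 0:",
          verify(key, token_code, now, step=60, round_up=True))
```

A widened drift window hides the quirk at the cost of accepting more codes per attempt, while modelling the rounding keeps the window at zero.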


Nov 25 2010

Integrating and starting tests for TOTP in OTPD

Published by admin under Computer

I started integrating TOTP into my Open Source software OTPD, a multi-protocol OTP server for Linux and Solaris that is capable of integrating with FreeRADIUS. The initial tests with soft tokens are fine, but it fails with a hardware token. If you have any TOTP-compliant device, you have the secret seed, and you wish to contribute, please send me the device for testing.


Nov 09 2010

GnuTLS adds OpenPGP authentication support

Published by admin under Computer

The GnuTLS project is going to add OpenPGP support as a Transport Layer Security (TLS) Authentication mechanism, as described by the same author in RFC5081.

Currently GnuTLS has experimental support for OpenPGP keys. OpenPGP keys are similar to X.509 certificates, in the sense that they hold public key parameters. However, they also allow for non-hierarchical trust models. This is not like another new feature. It is more like a policy change. Here follows a description of both models.

I’ve researched it for many years, but in my opinion it is far better than other proposals such as gpgauth or mod_auth_pgp. At the moment, there’s a web server implementation through mod_gnutls under apache2, but no real client implementation is available. An example server and client are provided in the sources as gnutls-serv and gnutls-cli.

It sets the foundation for OpenPGP authentication, but it still has to be adopted into real programs. Will we witness a real peer-to-peer authentication mechanism that succeeds where PKI failed? I believe that the technology is there; we need to understand whether there’s a will for it.

More on the GnuTLS web site.
