FreeAuth MIDLet Screen Shots - The FreeAuth Project - Trac

Wiki Navigation

FreeAuth MIDLet Screen Shots/How To

Starting with the 2.2 version releases you now need to enter a 8 digit PIN each time you load the applet, the PIN you use is used to encrypt the information sotred on your phone and this is very important. The reason for this is because the exact features of your phone are unknown and your phone carrier or others (like government agencies) may be able to extract your shared secrets and alias information to connect to any of your sites/servers. In future this PIN will also be used to encrypt backups that you upload over http.

The initial welcome screen you will see, press any key to continue.

Next you need to press 20 random buttons to help with the hash entropy

Next you will be prompted to give the hash an alias, you can hit keys multiple times to jump between numbers and letters, you can press the 'Delete' key to delete the previous number/letter or press the 'Next' button once you are happy, there is a limit of 16 numbers and letters. If you are on a memory limited device you may want to use less characters to store more shared secrets etc.

Once you have entered and finished entering your alias the phone will show your hash, this should be kept secret and stored safely on any websites or servers. This is the one and only time you will see the hash so make sure you write it down correctly'''

You can now enter 4 digit PINs and the phone/PDA will spit out your one time passwords!

If you choose 'Switch CharSet' from the menu you will also be able to output 32 bit passcodes, this is useful if you are using dumb terminals with limited character keyboards.

If you have a shared secret loaded you will be able to reset and delete the hash, becareful though, if you accept the warning the hash will be lost forever!

After you load a shared secret you can go to the info menu item to view when the shared secret was created.

If you find passwords consistently just don't work you may want to check the time zone settings to be sure the time zone is valid, go to this page to compare what the phone thinks is valid, use the up or down arrow keys to go up or down as needed.

Next time you start the java app you will see all your hashes, in this case I have hashes stored so I can log into CAcert.org, e164.org and NodeDB, if you type in '11' the hash for CAcert.org will get loaded and I will be able to use it like in the previous step.

Attachments

ss1.jpg (7.1 kB) - added by evilbunny on 03/12/07 23:44:47.
ss2.jpg (6.4 kB) - added by evilbunny on 03/12/07 23:44:59.
ss3.jpg (7.0 kB) - added by evilbunny on 03/12/07 23:45:15.
ss4.jpg (5.4 kB) - added by evilbunny on 03/12/07 23:45:30.
ss5.jpg (6.7 kB) - added by evilbunny on 03/12/07 23:47:17.
ss6.jpg (4.9 kB) - added by evilbunny on 03/12/07 23:47:29.
ss7.jpg (5.3 kB) - added by evilbunny on 03/12/07 23:47:40.
ss8.jpg (6.7 kB) - added by evilbunny on 03/12/07 23:48:27.
ss9.jpg (5.8 kB) - added by evilbunny on 03/12/07 23:48:46.
ss10.jpg (7.5 kB) - added by evilbunny on 03/12/07 23:48:59.
ss11.jpg (5.4 kB) - added by evilbunny on 03/12/07 23:52:00.
ss12.jpg (6.5 kB) - added by evilbunny on 03/12/07 23:52:09.
ss13.jpg (5.6 kB) - added by evilbunny on 03/12/07 23:52:30.

Download in other formats:

Plain Text