
GRC's Open, Ultra-High Security,
One Time Password System


PPP Command-Line Utility

In addition to the PPP.DLL file, we have also published a companion Windows command-line executable file (PPP.EXE). This executable uses the PPP.DLL DLL through the DLL's published API to perform standard PPP system functions. Using the PPP.EXE utility, a PPP authentication system can be created just by calling the PPP executable from any high level language. You may also run the command-line program in a "DOS box" command shell to see how it performs. If, for any reason, you would rather not directly invoke the PPP functions in the PPP.DLL you can "shell out" to the PPP.EXE to have it perform any of the main PPP cryptosystem functions.


http://www.GRC.com/files/ppp.zip


In addition to its primary function of generating secure sequence keys and PPP passcode sequences, the PPP.EXE utility is able to analyze the effective strength of any given character set and passcode length, analyze any provided sequence key for the proximity of identical passcodes, and search for "optimal" sequence keys having the largest separation between identical passcodes.

The PPP.CFG file

Since the current version (v3) of the PPP system supports user-defined passcode alphabets and passcode lengths, repeatedly including that lengthy and largely static information on the command line made little sense. So the first thing the PPP.EXE utility does when executed is attempt to open a file named PPP.CFG, which it parses for two pieces of information: the passcode alphabet and the passcode length.

The PPP.CFG file must reside in the same directory as PPP.EXE, end with the extension ".CFG", and have the same base name as the ".EXE" (which can be renamed if desired).

Running PPP.EXE

When PPP.EXE is executed without any parameters it produces the following self-description and configuration analysis:

[Screenshot: PPP.EXE self-description, followed by a horizontal divider and the configuration analysis]

The analysis appearing below the horizontal divider (above) shows the "bit strength" (effective binary bits of entropy) carried by each passcode character. This is based upon the size of the passcode alphabet provided by the PPP.CFG file. The analysis multiplies this bit strength by the passcode size to obtain and display the total bit strength of a full multi-character passcode. Finally, it computes and displays the total number of possible passcodes by raising the character set size to the power of the number of characters per passcode.

PPP.EXE can be used:

The format and options for PPP.EXE's command-line parameters when performing various functions can be summarized as follows:

    Generate passcodes
    Usage: ppp ["]sequence key["] [starting_passcode [passcode_count]]
    sequence key:
      • Exactly 64 non-quoted all-HEX lowercase characters (0-9 a-f), which will be taken as the 256-bit PPP sequence key (without hashing).
      • Alternatively, any string, with optional delimiting quotes, can be provided as a "passphrase". It will be SHA-256 hashed into a 256-bit PPP sequence key. This is generally not recommended due to the difficulty people have with creating strong passphrases.
    starting_passcode: The first passcode in the sequence to return. Passcodes are numbered from 0. If this OPTIONAL parameter is not provided, PPP will dump the 64-character hexadecimal sequence key for subsequent use. This is useful if a "passphrase" was used for the first parameter.
    passcode_count: The number of sequential passcodes to return. If this OPTIONAL parameter is not provided, PPP will default its value to '1' to generate a single passcode.

    The three arguments are space-delimited. If a passphrase containing embedded spaces is provided as the "sequence key", it must be enclosed in quotes, and any embedded quotes must be doubled to count as a single non-delimiting quote.

    This PPP.EXE command-line utility requires the PPP.DLL for the implementation of the PPP CryptoSystem. Therefore the PPP.DLL must either reside in the same directory as PPP.EXE (where Windows looks for it first), or be located somewhere on the executing process's DLL search path (typically the \Windows or \Windows\System32 directories).


    Generate a pseudo-random sequence key
    Usage: ppp "" [starting_passcode [passcode_count]]
    null key string: When a null key string ("") is provided with no additional parameters, PPP.EXE will generate a high quality pseudo-random 256-bit value and output it as 64 lower-case hexadecimal characters. This is useful for generating permanent sequence keys for PPP authentication accounts.
    starting_passcode: If a "starting_passcode" is provided following the null key string, PPP.EXE will generate one or more passcodes (as specified by the subsequent optional passcode_count) based upon a random sequence key and will output these passcodes in place of the sequence key. So, for example, the command

    ppp "" 0

    will output the first passcode of a random sequence key. This is not useful for typical PPP applications, since the sequence key will be unknown. But it could be used with long passcodes to generate high quality random permanent passphrases.
    passcode_count: The number of sequential passcodes to return. If this OPTIONAL parameter is not provided, PPP will default its value to '1' to generate a single passcode.


    Search for "better" sequence keys
    Usage: ppp * [search_distance]
    *: Specifying an asterisk (*) for the sequence key instructs PPP.EXE to begin choosing sequence keys at random and analyzing each key, in turn, to find the distance between the nearest pair of duplicate passcodes within the first 100,000 passcodes. (See the discussion below this box for the rationale behind this searching.) PPP.EXE prints each sequence key it finds which has a larger "nearest distance" than any key it has found before. Thus, the longer PPP.EXE runs, the "better" the keys it will find. Press Ctrl-C to interrupt the search process.
    search_distance: This OPTIONAL parameter alters the default "search distance" of 100,000 passcodes. If the search distance is short enough, and the PPP alphabet and/or passcode length is large enough, it will be possible to find sequence keys which never have any duplicates over that smaller space. For example, try

    ppp * 10000

    with the default 4-character passcode length and 64-character alphabet.

    "Better" sequence keys?
    The PPP cryptosystem has been carefully designed so that, at any time, every possible passcode is equally likely to occur next. This prevents an eavesdropper from recording "used" passcodes for the purpose of eliminating them from a future brute force guessing attack. But during the development and public discussion of the PPP system, a newsgroup participant, "Peabody", worried that a keystroke logger might simply replay the last (or a recent) passcode, not knowing any better (and not knowing that this was a one-time password system). He reasoned that the PPP system ought, therefore, to guard against PPP passcodes being reused within some time window.

    This idea was met with a great deal of discussion and controversy since, for example, the elimination of "near duplicates" would give a knowledgeable attacker the (very slight) advantage of NOT guessing any codes that had been recently used since they would be known not to be possible.

    Although no modification of the original system resulted from the extensive public debate, the notion of some sequence keys being "known" not to have near-duplicates emerged, and some people came away liking the idea of being able to find and/or analyze PPP sequence keys for their property of passcode repetition. So the PPP.EXE utility has the ability both to search for and generate keys having successively larger "nearest repeated" passcodes, and (see the box below) to analyze any key provided for the location and distance of passcode repetitions.


    Analyze a sequence key's passcode repetition
    Usage: ppp ["]sequence_key["] ? [distance]
    sequence key:
      • Exactly 64 non-quoted all-HEX lowercase characters (0-9 a-f), which will be taken as the 256-bit PPP sequence key (without hashing).
      • Alternatively, any string, with optional delimiting quotes, can be provided as a "passphrase". It will be SHA-256 hashed into a 256-bit PPP sequence key. This is generally not recommended due to the difficulty people have with creating strong passphrases.
    ?: The use of "?" as the parameter following the sequence key instructs PPP.EXE to perform a "duplicate passcode proximity" analysis of the first one million (1,000,000) passcodes generated by the provided sequence key. PPP.EXE will generate a list of duplicate passcode distances. The location and separation of any passcode recurring within less than one thousand (1,000) passcodes of its previous occurrence will be displayed.
    distance: The number of passcodes to generate and analyze. If this OPTIONAL parameter is not provided, PPP will generate and analyze one million passcodes. More or fewer passcodes may be generated and analyzed if desired.


    PPP.EXE usage examples

    The following examples of PPP.EXE usage should clarify any of the foregoing and give you a good sense for PPP.EXE's operation without your needing to run it yourself.

    Generate a PPP sequence key
    Input: ppp ""
    Sample output: 53303f97ddcf91ed74391fc5c366124632427e1c93c1a2e2836d006fa2653dc1

    Note: The output hex string is a single unbroken string of 64 characters without line feeds or carriage returns.


    Passing PPP.EXE the single two-character string ("") parameter instructs it to generate a cryptographically random 256-bit value appropriate for use as a PPP Sequence Key. Internally, this simply calls the PPP.DLL's "GenerateRandomSequenceKey" function, then converts the returned 32-byte buffer into an output of 64 hex characters. The 64-character hex string returned can be provided to any PPP system, including PPP.EXE, for subsequent keyed operations, as follows:


    Generate 70 passcodes for the first passcard
    Input: ppp 53303f97ddcf91ed74391fc5c366124632427e1c93c1a2e2836d006fa2653dc1 0 70
    Output: 32YT 65!@ S3mg skAf wVmK nSge MsXd
    DzRA t%#f vxDa v!nz ?S9G u9Um HA72
    944= Rgai pNv= n5FU SUKU C+wp C+7G
    jsKV uSGn EH?F R3pW EMd? k=vv @+rC
    t5yt c:xD BmeV cex4 Zh4t J:oK nUxV
    EbA@ BHn 09Sa Fo:i MM97 @Urg fkPL
    %EU+ U8GF F%fY dxXE H5M% :%B7 4YDR
    vGYq uL%5 7#cE hi+6 99bS 5FVh ZhNr
    #DnV 8sr7 Dnj3 xf=U 4%a% J#sE pS?e
    CsCU iYGg KPFV j8@2 dsLf 3#yE BWbj

    Note: The input hex sequence key must be provided as a single unbroken string of 64 lowercase hex characters without line feeds or carriage returns. The output is shown broken into ten lines of seven passcodes, as they would be displayed on a 7x10 passcard, but the utility actually outputs them in a single unbroken stream with each passcode separated by a single space.

    The two arguments — zero (0) and seventy (70) — shown following the hex sequence key request a series of 70 passcodes beginning with the sequence's first passcode (numbered from 0).


    Commands of this form would be used to generate sets of sequential passcodes for the creation of individual passcards for transmission to the user and for their subsequent printing. The example above prints the first 70 passcodes (0-69), with the second and third arguments being "0 70". To print the second passcard's codes, the arguments would be "70 70", and "140 70" would be used to generate the passcodes for the third passcard.


    Generate one specific passcode to test a user's response
    Input: ppp 53303f97ddcf91ed74391fc5c366124632427e1c93c1a2e2836d006fa2653dc1 2 1
    Output: S3mg

    Note: As before, the input hex string must be provided as a single unbroken string of 64 lowercase hex characters without line feeds or carriage returns.

    The two arguments — two (2) and one (1) — shown following the hex sequence key, request the third passcode for the series created with the provided sequence key. (Remember that passcode ordinals are 0-based with the first passcode numbered zero "0".) If you look at the 70-passcode example above, you will see that the returned passcode of "S3mg" was the third passcode returned in the block of 70 for the same sequence key.

    Note also that for the case of requesting a single passcode, providing the third argument of one (1) was optional. If not provided, a single passcode is returned by default.


    A command of this form can be used to generate the next expected passcode in the series for a given sequence key. It would typically be used to authenticate a user by checking their response to a "provide next passcode" challenge.



    Search for "better" sequence keys
    Input:ppp *
    Output: Scanning the first 100,000 passcodes of each key for nearest duplicates:
        Nearest Dup     Sequence Key providing this nearest duplicate code spacing   
    ------------- ----------------------------------------------------------------
              175 aed5d5bc1ae370c523b749f01aa03a04dbf6bd7301ab50282cb6a03fc14f7e3b
              270 0fc78a3578f2c38a755c8976529b8bec75b9c1ab03b7141ff98302138c58a41a
              570 5ec714730f3a1272f5c6e7a154790ab8dded6dd3531f92ae0c95ef6a8cc71706
              640 208b70e57f0c86d068a8ead47e3dd1df14166a33c2059aa9b21d71f41d7211a5
              808 423b3206c23cdeb6cb506cbc75b65836001b311bd67743404ba73bb3e7f4b3b5
              891 86d44e2489132b229ace1e210603e4388edabbfd9aa529be0ed6479d5bd42231
            1,003 f6a90b19e5f924bf09fbf33950419246eef770b51f7739df3521a6a57d7c73f5
            1,087 8862cb86fb19c28f6f03e62b3e4bd2e4a57f44619e7860eafee89dda09ab709b
            1,124 b5e3d50096d82151eee812aff45df8c1126a7b6bce51d5d0f1657c935e604cf8
            1,408 63cdba62113272a0ab32aaffffb9c941f6b879328c1597df7642b56eaafcee04

    Under the influence of the PPP.CFG file, which specifies the passcode character set size and passcode length, the example above shows the progress as PPP.EXE chooses sequence keys at random, analyzes each for the nearest distance between any two identical passcodes, and prints a line of information whenever it finds a better key than any found previously.

    If the search depth is decreased below the default of 100,000 passcodes, much better keys can be found much more quickly.

    This searching process continues until it is interrupted by the user pressing Ctrl-C.


    Analyze a sequence key for duplicate passcodes
    Input: ppp 53303f97ddcf91ed74391fc5c366124632427e1c93c1a2e2836d006fa2653dc1 ? 250000
    Output: Generating 250,000 passcodes from sequence key:
           [53303f97ddcf91ed74391fc5c366124632427e1c93c1a2e2836d006fa2653dc1]

    Searching for duplicates within 1000 passcodes of each other...
         Location:     Separation:
    -------------  -------------
            1,760            131
           17,442            650
           25,507            469
           73,114            803
           74,499            473
           90,404            940
          106,348            553
          212,601            691
          230,112             25
          246,698            548

    Under the influence of the PPP.CFG file, which specifies the passcode character set size and passcode length, the example above shows, for every passcode that recurs within one thousand (1,000) passcodes of its previous occurrence, the separation between the two instances. The location shown is the passcode number of the second instance of the duplicated passcode.
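    As an added example (not GRC's code, and not the PPP algorithm itself, which lives in PPP.DLL), the following Python reproduces the three analyses this page describes: the PPP.CFG bit-strength figures PPP.EXE prints at startup, the "?" duplicate-passcode proximity scan, and the "*" search for keys whose nearest duplicate is farther apart. The passcode generator is a keyed-hash stand-in with an assumed 64-character alphabet; only the analysis logic corresponds to what PPP.EXE does.

```python
import hashlib, hmac, math, os

# Assumed 64-character alphabet (consistent with the page's sample passcodes);
# the real PPP.EXE reads its alphabet and passcode length from PPP.CFG.
ALPHABET = "!#%+23456789:=?@ABCDEFGHJKLMNPRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
PASSCODE_LEN = 4

def config_strength(alphabet_size, passcode_len):
    # The three figures PPP.EXE prints at startup: bits of entropy per character,
    # bits per full passcode, and the total number of possible passcodes.
    bits_per_char = math.log2(alphabet_size)
    return bits_per_char, bits_per_char * passcode_len, alphabet_size ** passcode_len

def passcode(key, n):
    # Stand-in generator (NOT the PPP algorithm, which lives in PPP.DLL): a keyed
    # hash of the passcode ordinal mapped onto the alphabet by repeated modulo.
    digest = hmac.new(key, n.to_bytes(8, "big"), hashlib.sha256).digest()
    value, chars = int.from_bytes(digest, "big"), []
    for _ in range(PASSCODE_LEN):
        value, idx = divmod(value, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)

def find_near_duplicates(key, count, window=1000):
    # PPP.EXE's "?" analysis: every passcode in 0..count-1 that repeats within
    # `window` of its previous occurrence, as (location of second instance, separation).
    last_seen, hits = {}, []
    for i in range(count):
        code = passcode(key, i)
        if code in last_seen and i - last_seen[code] < window:
            hits.append((i, i - last_seen[code]))
        last_seen[code] = i
    return hits

def nearest_duplicate(key, depth=100000):
    # Smallest separation between identical passcodes in the first `depth` passcodes (None if no repeat).
    seps = [sep for _, sep in find_near_duplicates(key, depth, window=depth)]
    return min(seps) if seps else None

def search_better_keys(trials, depth=100000):
    # PPP.EXE's "*" mode: draw random 256-bit keys and keep each one whose
    # nearest duplicate is farther apart than that of any key found before it.
    best, improvements = 0, []
    for _ in range(trials):
        key = os.urandom(32)
        dist = nearest_duplicate(key, depth) or depth  # never repeats: score = depth
        if dist > best:
            best = dist
            improvements.append((dist, key.hex()))
    return improvements
```

    With the assumed 4-character, 64-symbol configuration, 100,000 passcodes almost always contain a repeat (only about 16.8 million passcodes exist), so nearest_duplicate returns separations in the same range as the page's "*" output.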


    Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
    of this page are Copyright (c) 2008 Gibson Research Corporation. SpinRite, ShieldsUP,
    NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
    Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.

    Last Edit: Feb 22, 2008 at 08:58