I'd like to make an SSH-equivalent (possibly XTerm equivalent) shell that
a) can be used from any web browser with minimal presumed tech level (e.g. just HTML + JavaScript), and
b) is highly resistant to local hostility (i.e. keyloggers, sniffers, etc), and
c) can be used with relative ease by the owner without any external devices or lists of passwords, and
d) is secure both for entry (i.e. initial login) and ongoing use (e.g. sudo, ssh, mysql password entry; text editing; etc).
B, C, and D, AFAICT, rule out both S/Key and (S/Key-based) OPIE - because you cannot depend on any trusted local tool to calculate responses, nor on an extensive precomputed password list (other than for people with eidetic memory), nor (typically) on something like OPIE being installed on the remote system to protect all password entries. (And anyway, OPIE does not protect generic text entry - suppose you want to open up a command-line email client and send an email, with its contents secure from the local terminal?)
I don't know of *any* one-time password or challenge/response system that doesn't either rely on math that's not feasible for normal people to do in their heads, or have a severely limited (and thus replayable) keyspace.
One thing I thought of that may help (but is of limited utility if there's a sniffer or screencapper involved) is to have a remotely-generated substitution cipher that's displayed to the user through the client. E.g. have a picture of the mapped keyboard; any input is then passed through that mapping, and the map is changed on a regular basis (e.g. every x seconds; every password; etc).
However, this is pretty bad for usability, and rendered useless if the adversary captures the hash - since it can't be a secret; it can only be something that interferes with normal keylogging or the like.
Any suggestions for a real, secure, human-usable challenge/response OTP system?
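
The rotating keyboard-substitution idea from the post above, sketched as an added example that is not part of the original post; the function names and the sample password are constructed for illustration. It shows that a keystroke log alone is scrambled and goes stale once the map rotates, while anyone who also captures the displayed map decodes exactly as the server does.

```javascript
// Added illustration, not code from the post; every name here is hypothetical.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const KEYS = 'abcdefghijklmnopqrstuvwxyz0123456789';

// Unbiased integer in [0, n) by rejection sampling on one random byte (n <= 256).
function randomBelow(n) {
  const limit = 256 - (256 % n);
  const buf = new Uint8Array(1);
  do { webcrypto.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

// Server: fresh keyboard permutation (Fisher-Yates). Entry [ch, key] means
// "to enter ch, press key"; this is what the keyboard picture shows the user.
function newKeyMap() {
  const keys = [...KEYS];
  for (let i = keys.length - 1; i > 0; i--) {
    const j = randomBelow(i + 1);
    [keys[i], keys[j]] = [keys[j], keys[i]];
  }
  return new Map([...KEYS].map((ch, i) => [ch, keys[i]]));
}

// User: translate intended text into the physical keys to press.
// Characters outside KEYS (spaces, punctuation) pass through unchanged.
const pressKeys = (text, map) => [...text].map(c => map.get(c) ?? c).join('');

// Server, or anyone else holding the map: undo the substitution.
function decode(pressed, map) {
  const inverse = new Map([...map].map(([ch, key]) => [key, ch]));
  return [...pressed].map(k => inverse.get(k) ?? k).join('');
}

// Constructed scenario: one password entry, then a map rotation.
function demo(password = 'correcthorse42') {
  const map1 = newKeyMap();
  const keylog = pressKeys(password, map1);       // all a keylogger records
  const map2 = newKeyMap();                       // issued after the entry
  return {
    keylog,
    serverSees: decode(keylog, map1),             // current map: the password
    replayAfterRotation: decode(keylog, map2),    // stale keystrokes decode to noise
    observerWithScreenshot: decode(keylog, map1), // captured picture of map1
  };
}
```

The map has to be shown on the untrusted screen, so it only adds work for a keystroke-only logger; rotating it per entry limits replay of logged keystrokes but does nothing against an observer who sees both screen and keyboard.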

Comments
http://www.yubico.com/products/yubikey/
If I wanted an external device, then a SecurID fob would work.