Shostack + Friends Blog Archive


WiKID Goes Open Source

WiKID is a two-factor authentication system. It consists of: a PIN, stored in the user’s head; a small, lightweight client that encapsulates the private/public keys; and a server that stores the public keys of the client’s and the user’s PIN. When the user wants to login to a service, they start the client and enter their PIN, which is encrypted and sent to the server. If the PIN is correct, the account active and the encryption valid, the user is sent a one-time passcode to use instead of a static password.

Yesterday, they announced that they’ve open sourced their system. I really like the WiKID system, which transforms your mobile phone into an authentication device. Making it GPL allows anyone to use it.

One fascinating aspect is that the system as originally built took advantage of the (patented, proprietary) NTRU algorithms for speed. Because those are not WiKID’s to open, they’ve replaced them with RSA. But you can use a full version of the system under GPL to test, experiment or deploy to a userbase that’s ok with authentication taking a few seconds, and add a commercial license if you need it to be faster.

I encourage folks to check it out.