
Re: Australian "calculatorcard"



>sounds like the card i use for remote dialup to certain non-public
>systems i use at work. it has a six digit number on the front that
>changes every 60 seconds. the card is registered to me. when i enter
>my username/password i'm prompted for the number. it's Pretty Good
>(tm) security, but like anything not biometric, it is vulnerable to
>black-bag attacks. physical possession being all that is required. if
>you know the algorithm and the serial number of the card and the
>time, even that isn't necessary.
>
>
>CG> Can anybody provide me with pointers to more in-depth information
>CG> about this device and the algorithm(s) behind it ?
>
>i don't know if there are any net sources for them, but i'd be
>surprised if not. my card references "security dynamics" of cambridge
>massachusetts.

You are referring to the ACE/SecurID token card from Security Dynamics.

In addition to the displayed number, you should be prepending it with a
memorized PIN; this prevents operation in case of theft.  The server end
will disable the card after x failed attempts, etc.  Otherwise it is
basically a one-time password system.

I've had a business relationship with these folks for a year or so now--
sharp guys.
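
The scheme described in this reply (a memorized PIN prepended to the displayed number, the card disabled after x failed attempts) as a server-side check. This is an added example, not part of the original message and not Security Dynamics code. The SecurID algorithm is not given here, so an RFC 6238-style HMAC-SHA1 code stands in for it; `token_code`, `TokenAccount`, the three-failure threshold and the replay check are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # the quoted post says the display changes every 60 seconds
MAX_FAILURES = 3    # assumed value for the "x failed attempts" threshold


def token_code(seed: bytes, now: float) -> str:
    """Six-digit code for the current time step (RFC 6238-style stand-in)."""
    counter = int(now // STEP_SECONDS)
    digest = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


class TokenAccount:
    """Server-side record for one registered card (hypothetical structure)."""

    def __init__(self, seed: bytes, pin: str):
        self.seed = seed
        self.pin = pin
        self.failures = 0
        self.disabled = False
        self.last_step = -1  # last time step accepted, used to reject replays

    def verify(self, passcode: str, now: float) -> bool:
        """Check a PIN-prepended passcode; disable the card after repeated failures."""
        if self.disabled:
            return False
        step = int(now // STEP_SECONDS)
        expected = self.pin + token_code(self.seed, now)
        # Constant-time comparison so timing does not leak how many digits matched.
        ok = hmac.compare_digest(passcode.encode(), expected.encode())
        if ok and step > self.last_step:
            self.last_step = step
            self.failures = 0
            return True
        # Wrong PIN, wrong code, or a code already used in this time step.
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.disabled = True
        return False
```

A stolen card yields only the six displayed digits, so the first check fails without the PIN; a code observed in transit is refused when replayed inside the same 60-second step.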