[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: F2 hash?



At 01:27 AM 8/8/96 +0300, you wrote:

>As I have to deal with SecurID tokens in the nearest future, I would like
>to hear more opinions about these cards. IMHO a proprietary algorithm like
>used in those cards is a bad thing and I would like an open approach much
>more, I still believe SecurID OTP cards are much better then usual
>passwords.
>
>At Defcon this year they promised to tell about some security flaws in
>SecurID tokens, anyone know more about that?
>
>Personally I believe that Security Dynamics should come out with some kind
>of new systems in the nearest future, now that they own RSA. 

Have you seen Mudge's white paper on S/Key?  It isn't specifically regarding
SecurID, but many of the flaws he discusses are fundamental to the nature of
both S/Key and SecurID (and other OTP schemes), so apply to SecurID as
well...   
//cerridwyn//