[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SecurID White Paper

To: [email protected]
Subject: SecurID White Paper
From: Peiter Z <[email protected]>
Date: Wed, 4 Sep 1996 11:38:31 -0600 (MDT)
Sender: [email protected]


                SecurID Vulnerabilities White-Paper
 
Due to increased recent interest that has been witnessed on the net
about the SecurID token cards and potential vulnerabilities with their 
use, we offer a white paper on some of the vulnerabilities that we believe 
have been witnessed and/or speculated upon.
 
This paper is being put forth into the public domain by Secure Networks
Incorporated and is available at the following URL :
ftp://ftp.secnet.com/pub/papers/securid.ps
 
Topics dealt with in the paper include:
 
 . Race attacks based upon fixed length responses (still valid even with
      the current patch)
 . Denial of Service attacks based upon server patches
 . Server - Slave separation and replay attacks
 . Vulnerabilities in the communications with the ACE Server
 . A quick analysis of the communications with the ACE Server
 . Problems with out-of-band authentication 
  
We hope this paper provides insight, enlightenment, and is helpful
to the security community in general.
 
thanks and enjoy,
 
Secure Networks Inc.

Prev by Date: Re: Pseudocrypto detector is going wild
Next by Date: Re: What is the EFF doing exactly?
Prev by thread: Re: Pseudocrypto detector is going wild
Next by thread: Re: Schelling Points, Rights, and Game Theory--My article
Index(es):
- Date
- Thread