[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Australian "calculatorcard"

To: amp <[email protected]>, Cees de Groot <[email protected]>
Subject: Re: Australian "calculatorcard"
From: Johnathan Corgan <[email protected]>
Date: Sat, 30 Dec 1995 22:27:11 -0800
Cc: cypherpunks <[email protected]>
Sender: [email protected]

>sounds like the card i use for remote dialup to certain non-public
>systems i use at work. it has a six digit number on the front that
>changes every 60 seconds. the card is registered to me. when i enter
>my username/password i'm prompted for the number. it's Pretty Good
>(tm) security, but like anything not biometric, it is vulnerable to
>black-bag attacks. physical possession being all that is required. if
>you know the algorithm and the serial number of the card and the
>time, even that isn't necessary.
>
>
>CG> Can anybody provide me with pointers to more in-depth information
>CG> about this device and the algorithm(s) behind it ?
>
>i don't know if there are any net sources for them, but i'd be
>suprised if not. my card references "security dynamics" of cambridge
>massachusetts.

You are referring to the ACE/SecurID token card from Security Dynamics.

In addition to the displayed number, you should be prepending it with a
memorized PIN; this prevents operation in case of theft.  The server end
will disable the card after x failed attemps, etc.  Otherwise it is
basically a one-time password system.

I've had a business relationship with these folks for a year or so now--
sharp guys.

Prev by Date: Compuserve and copyrights
Next by Date: Re: Is Dr Fred Cohen a Loon???
Prev by thread: Re: Australian "calculatorcard"
Next by thread: Re: Australian "calculatorcard"
Index(es):
- Date
- Thread