[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: F2 hash?




>| At Defcon this year they promised to tell about some security flaws in
>| SecurID tokens, anyone know more about that?
>
>	My understanding is that the guy who was going to give the
>talk had nda difficulties.  Vin?  Did you make it out?  The talk was
>going to be on race conditions, denial of service attacks, and the
>like.

According to Mudge (who gave the talk), he *was* going to speak specifically
on SecurID, but they were harassing him or something, and was afraid of a
libel suit if he spoke on it.  Instead, he chose to speak on S/Key flaws,
many of which are the same as SecurID flaws.  All of the attacks were on
the stupidity of the implementations and protocols, not on the cryptographic
algorithms.   Some stuff can be found at http://www.l0pht.com/~mudge .
//cerridwyn//