[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: F2 hash?

To: [email protected], [email protected]
Subject: Re: F2 hash?
From: J�ri Kaljundi <[email protected]>
Date: Thu, 8 Aug 1996 11:34:48 +0300 (EET DST)
In-Reply-To: <[email protected]>
Organization: MicroLink OnLine
Sender: [email protected]

 Wed, 7 Aug 1996, Adam Shostack wrote:

> J�ri Kaljundi wrote:
> 
> | At Defcon this year they promised to tell about some security flaws in
> | SecurID tokens, anyone know more about that?
> 
> 	My understanding is that the guy who was going to give the
> talk had nda difficulties.  Vin?  Did you make it out?  The talk was
> going to be on race conditions, denial of service attacks, and the
> like.

This is something that seems to be a little problematic to me. Considering
the 3-minute time slot, it seems fairly easy to somehow block the SecurID
server at the time a user is sending his username/passcode, steal that
information and allow a malicious user to enter that information into the
server. Or have I misunderstood some security aspects?

J�ri Kaljundi
AS Stallion
[email protected]

Follow-Ups:
- Re: F2 hash?
  - From: Adam Shostack <[email protected]>

References:
- Re: F2 hash?
  - From: Adam Shostack <[email protected]>

Prev by Date: CryptoCD
Next by Date: Re: e$: Watching the MacRubble Bounce
Prev by thread: Re: F2 hash?
Next by thread: Re: F2 hash?
Index(es):
- Date
- Thread