From: Peiter Z <peiterz@secnet.com>
Date: Wed, 4 Sep 1996 11:46:36 +0800
To: cypherpunks@toad.com
Subject: SecurID White Paper
Message-ID: <199609041738.LAA01411@silence.secnet.com>
MIME-Version: 1.0
Content-Type: text/plain



                SecurID Vulnerabilities White-Paper
 
Due to increased recent interest that has been witnessed on the net
about the SecurID token cards and potential vulnerabilities with their 
use, we offer a white paper on some of the vulnerabilities that we believe 
have been witnessed and/or speculated upon.
 
This paper is being put forth into the public domain by Secure Networks
Incorporated and is available at the following URL :
ftp://ftp.secnet.com/pub/papers/securid.ps
 
Topics dealt with in the paper include:
 
 . Race attacks based upon fixed length responses (still valid even with
      the current patch)
 . Denial of Service attacks based upon server patches
 . Server - Slave separation and replay attacks
 . Vulnerabilities in the communications with the ACE Server
 . A quick analysis of the communications with the ACE Server
 . Problems with out-of-band authentication 
  
We hope this paper provides insight, enlightenment, and is helpful
to the security community in general.
 
thanks and enjoy,
 
Secure Networks Inc.