From: smb@research.att.com
Date: Mon, 18 Apr 94 08:19:55 PDT
To: Johan Helsingius <julf@penet.fi>
Subject: Re: Autentication gadgets
Message-ID: <9404181519.AA13102@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


	 
	 I remember seeing some discussion about the security gadgets
	 people from Bell Labs, amonst others, used for logging in from
	 remote sites. It was a s imple credit-card-calculator-like
	 challenge-response device. Any pointers?

Sure...

We use either an AT&T smart card or the Digital Pathways Securenet
Key.  We started using the latter because they don't sell (expensive)
host software, so they'll disclose the information you need to roll
your own host end software.  A list of some other authenticator vendors
can be found in

ftp://ftp.cert.org/pub/cert_advisories/CA-94:01.ongoing.network.monitoring.attacks

Btw -- the comment in there about the Securenet Key not being exportable
from the U.S. is wrong, even though it does use DES.  It's an authentication
device not readily usable for secrecy, so our beloved government
has deigned to permit its sale to furriners.