1994-04-18 - Re: Autentication gadgets

Header Data

From: smb@research.att.com
To: Johan Helsingius <julf@penet.fi>
Message Hash: 728999fc700f1873ed6ae3e70323d65bb37d83ba246fd39887a32276c18aa327
Message ID: <9404181519.AA13102@toad.com>
Reply To: N/A
UTC Datetime: 1994-04-18 15:19:55 UTC
Raw Date: Mon, 18 Apr 94 08:19:55 PDT

Raw message

From: smb@research.att.com
Date: Mon, 18 Apr 94 08:19:55 PDT
To: Johan Helsingius <julf@penet.fi>
Subject: Re: Autentication gadgets
Message-ID: <9404181519.AA13102@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


	 
	 I remember seeing some discussion about the security gadgets
	 people from Bell Labs, amonst others, used for logging in from
	 remote sites. It was a s imple credit-card-calculator-like
	 challenge-response device. Any pointers?

Sure...

We use either an AT&T smart card or the Digital Pathways Securenet
Key.  We started using the latter because they don't sell (expensive)
host software, so they'll disclose the information you need to roll
your own host end software.  A list of some other authenticator vendors
can be found in

ftp://ftp.cert.org/pub/cert_advisories/CA-94:01.ongoing.network.monitoring.attacks

Btw -- the comment in there about the Securenet Key not being exportable
from the U.S. is wrong, even though it does use DES.  It's an authentication
device not readily usable for secrecy, so our beloved government
has deigned to permit its sale to furriners.





Thread