1996-08-08 - Re: F2 hash?

Header Data

From: Adam Shostack <adam@homeport.org>
To: jk@stallion.ee (Jüri Kaljundi)
Message Hash: 5a0043edba748958f841913dede5a9873f95b3481888a847262ebc6978d08d93
Message ID: <199608080339.WAA17283@homeport.org>
Reply To: <Pine.GSO.3.93.960808011718.28847G-100000@nebula.online.ee>
UTC Datetime: 1996-08-08 06:52:19 UTC
Raw Date: Thu, 8 Aug 1996 14:52:19 +0800

Raw message

From: Adam Shostack <adam@homeport.org>
Date: Thu, 8 Aug 1996 14:52:19 +0800
To: jk@stallion.ee (Jüri Kaljundi)
Subject: Re: F2 hash?
In-Reply-To: <Pine.GSO.3.93.960808011718.28847G-100000@nebula.online.ee>
Message-ID: <199608080339.WAA17283@homeport.org>
MIME-Version: 1.0
Content-Type: text


=?ISO-8859-1?Q?J=FCri_Kaljundi?= wrote:

|  Wed, 7 Aug 1996 anonymous-remailer@shell.portal.com wrote:
| 
| > F2 is a secret hash from SecurityDynamics, and is used in
| > their client software.  (Its not the hash in the cards, but
| > if anyone has a copy of that, it might be fun.)
| 
| As I have to deal with SecurID tokens in the nearest future, I would like
| to hear more opinions about these cards. IMHO a proprietary algorithm like
| used in those cards is a bad thing and I would like an open approach much
| more, I still believe SecurID OTP cards are much better then usual
| passwords.

	I happen to run a mailing list, sdadmin, for folks to talk
about SDTI technologies.  Talk to majordomo@jabberwocky.bbnplanet.com.
There are a number of cards out there.  I've been looking at
CryptoCard & SNK recently, as well as V-One's smartmouse & virtual
smart card technologies. 

	I'd be very interested in seeing the algorithims come out,
especially F2.  I have a few attacks that look very nice on paper that
I'd like to try out.

| At Defcon this year they promised to tell about some security flaws in
| SecurID tokens, anyone know more about that?

	My understanding is that the guy who was going to give the
talk had nda difficulties.  Vin?  Did you make it out?  The talk was
going to be on race conditions, denial of service attacks, and the
like.


| Personally I believe that Security Dynamics should come out with some kind
| of new systems in the nearest future, now that they own RSA.=20

This should be interesting, if they can find people to make things
happen before 2000.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






Thread