From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Fri, 9 Aug 1996 05:32:53 +0800
To: cypherpunks@toad.com
Subject: Re: F2 hash?
Message-ID: <2.2.32.19960808142120.006c075c@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:27 AM 8/8/96 +0300, you wrote:

>As I have to deal with SecurID tokens in the nearest future, I would like
>to hear more opinions about these cards. IMHO a proprietary algorithm like
>used in those cards is a bad thing and I would like an open approach much
>more, I still believe SecurID OTP cards are much better then usual
>passwords.
>
>At Defcon this year they promised to tell about some security flaws in
>SecurID tokens, anyone know more about that?
>
>Personally I believe that Security Dynamics should come out with some kind
>of new systems in the nearest future, now that they own RSA. 

Have you seen Mudge's white paper on S/Key?  It isn't specifically regarding
SecurID, but many of the flaws he discusses are fundamental to the nature of
both S/Key and SecurID (and other OTP schemes), so apply to SecurID as
well...   
//cerridwyn//