From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
To: cypherpunks@toad.com
Message Hash: 7d81c8fbb5259704f41d5bfc4f85a7febbec2cf9a1f0eeec1c295154abf86645
Message ID: <2.2.32.19960808142120.006c075c@gonzo.wolfenet.com>
Reply To: N/A
UTC Datetime: 1996-08-08 21:32:53 UTC
Raw Date: Fri, 9 Aug 1996 05:32:53 +0800
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Fri, 9 Aug 1996 05:32:53 +0800
To: cypherpunks@toad.com
Subject: Re: F2 hash?
Message-ID: <2.2.32.19960808142120.006c075c@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain
At 01:27 AM 8/8/96 +0300, you wrote:
>As I have to deal with SecurID tokens in the nearest future, I would like
>to hear more opinions about these cards. IMHO a proprietary algorithm like
>used in those cards is a bad thing and I would like an open approach much
>more, I still believe SecurID OTP cards are much better then usual
>passwords.
>
>At Defcon this year they promised to tell about some security flaws in
>SecurID tokens, anyone know more about that?
>
>Personally I believe that Security Dynamics should come out with some kind
>of new systems in the nearest future, now that they own RSA.
Have you seen Mudge's white paper on S/Key? It isn't specifically regarding
SecurID, but many of the flaws he discusses are fundamental to the nature of
both S/Key and SecurID (and other OTP schemes), so apply to SecurID as
well...
//cerridwyn//
Return to August 1996
Return to “peng-chiew low <pclow@pc.jaring.my>”