From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
To: cypherpunks@toad.com
Message Hash: f0dd82069232ca150d7ecce399541bd1ddafe2e8fba7673fd762508fdd5cfbf1
Message ID: <Pine.GSO.3.93.960808112837.12351D-100000@nebula.online.ee>
Reply To: <199608080339.WAA17283@homeport.org>
UTC Datetime: 1996-08-08 10:56:54 UTC
Raw Date: Thu, 8 Aug 1996 18:56:54 +0800
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Thu, 8 Aug 1996 18:56:54 +0800
To: cypherpunks@toad.com
Subject: Re: F2 hash?
In-Reply-To: <199608080339.WAA17283@homeport.org>
Message-ID: <Pine.GSO.3.93.960808112837.12351D-100000@nebula.online.ee>
MIME-Version: 1.0
Content-Type: text/plain
Wed, 7 Aug 1996, Adam Shostack wrote:
> Jüri Kaljundi wrote:
>
> | At Defcon this year they promised to tell about some security flaws in
> | SecurID tokens, anyone know more about that?
>
> My understanding is that the guy who was going to give the
> talk had nda difficulties. Vin? Did you make it out? The talk was
> going to be on race conditions, denial of service attacks, and the
> like.
This is something that seems to be a little problematic to me. Considering
the 3-minute time slot, it seems fairly easy to somehow block the SecurID
server at the time a user is sending his username/passcode, steal that
information and allow a malicious user to enter that information into the
server. Or have I misunderstood some security aspects?
Jüri Kaljundi
AS Stallion
jk@stallion.ee
Return to August 1996
Return to “=?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>”