From: Peiter Z <peiterz@secnet.com>
To: cypherpunks@toad.com
Message Hash: d5448c76f4e6b036829482582fe2ff89678161a7b1ac1a1cbe23fd16c3ac88d8
Message ID: <199609041738.LAA01411@silence.secnet.com>
Reply To: N/A
UTC Datetime: 1996-09-04 03:46:36 UTC
Raw Date: Wed, 4 Sep 1996 11:46:36 +0800
Subject: SecurID White Paper
MIME-Version: 1.0
Content-Type: text/plain

SecurID Vulnerabilities White-Paper

Due to increased recent interest that has been witnessed on the net
about the SecurID token cards and potential vulnerabilities with their
use, we offer a white paper on some of the vulnerabilities that we believe
have been witnessed and/or speculated upon.

This paper is being put forth into the public domain by Secure Networks
Incorporated and is available at the following URL:

ftp://ftp.secnet.com/pub/papers/securid.ps

Topics dealt with in the paper include:

. Race attacks based upon fixed length responses (still valid even with
  the current patch)
. Denial of Service attacks based upon server patches
. Server - Slave separation and replay attacks
. Vulnerabilities in the communications with the ACE Server
. A quick analysis of the communications with the ACE Server
. Problems with out-of-band authentication

We hope this paper provides insight, enlightenment, and is helpful
to the security community in general.

thanks and enjoy,

Secure Networks Inc.