Trei, Peter (ptrei@securitydynamics.com)
Wed, 7 Apr 1999 12:20:01 -0400 
Ok, to calm concerns, here's what we do.
The data to be protected is a 64 bit seed. 
This is 3DES encrypted (using 3 different 
keys, naturally). The keys are derived from
an MD5 hash of certain data.
That data hashed to obtain the keys are:
1. If the user has not selected a passphrase,
a collection of machine specific data is thrown
into the hash. I'll remain a little vague about
what is actually used, since it can vary.
2. If the user sets up a passphrase (highly 
reccomended), that is thrown into the hash
as well.
3. Before the seed is initially downloaded to
the user, the admin program which produces the
seeds 3DES encrypts it using an administrator
supplied passphrase, which must be communicated
via a secure channel to the end user.
To break the encryption, the attacker would
need reverse engineer the app, and then...
EITHER
Get the encrypted seed file, extract the 
machine specific data from that particular 
PP (some of it is data which is 
not available through any of the standard 
applications), and perform a dictionary 
attack on the passphrase.
OR 
Steal the seed file and crack 3DES.
[The encrypted seed file is NOT backed up
on the users PC.] 
OR 
steal a PP on which the foolish user
has failed to use a passphrase (this is
exactly equivalent to stealing a hardware
token)
AND
Obtain or brute force the user's PIN
(n wrong guesses (n = small integer)
and the SecurID is turned off in the 
server)
People will generally notice that their
PP has gone missing a lot faster than they
would notice a missing hardware token, since
the PP is in constant use. They would then
inform their admin, who would turn off that
token in the server.
(and yes, the decrypted seed is wiped after use)
Comments are welcome.
Peter Trei
ptrei@securitydynamics.com
> ----------
> From: 	Michael Bauer[SMTP:mick@tiny.net]
> Sent: 	Wednesday, April 07, 1999 11:23 AM
> To: 	vin@shore.net; CodherPlunks@toad.com
> Cc: 	ptrei@securitydynamics.com
> 
> Since, as Vin implies, the SecurID cat is apparently out of the bag (to
> some extent or another), wouldn't this mean that a SoftID on a PC or
> PalmPilot is at least theoretically quite vulnerable if a system on which
> a SoftID resides is stolen?  E.g., savvy thief steals PalmPilot and copies
> SoftID files onto PC and brute-forces secret-key, or uploads SoftID
> cracker onto stolen PalmPilot and cracks SoftID files locally (although
> the latter seems like a stretch -- how many AAA-battery-years would it
> take to brute-force even a small key on a 68000-based Palm system? :-).
> 
> Having said all that, I think it's very cool that SDTI is developing for
> Palm...
> 
I think so too! :-) 
> Cheers, 
> Mick Bauer
> EXi Corp.
> 
> 
The following archive was created by hippie-mail 7.98617-22 on Thu May 27 1999 - 23:44:21