Re: Cryptanalysis of SecurID (ACE/Server)

New Message Reply About this list Date view Thread view Subject view Author view

Marcus Watts (mdw@umich.edu)
Thu, 01 Oct 98 20:03:48 -0400


Perry sent:
>
> > One could argue that the pass phrase used to open a certificate is two fact,
> > but I don't think it is the same thing. A time variant token authenticates
> > that the individual making the access has physical possession of the only
> > copy of that device in the universe.
>
> Okay. So, we've changed the problem from stealing the laptop to
> stealing the token in the guy's wallet. Could you explain why this is
> better in some way?

I think SecureID is usually used to replace password systems, not
laptops. It does seem to me, though, that the token in the wallet
isn't liable to contain any other valuable data, and is likely to
be easier to invalidate and replace if stolen. It's probably also
more rugged and much lighter in weight, so more likely to actually
live in the wallet than (for instance) carry-on luggage.

                                -Marcus Watts
                                UM ITD PD&D Umich Systems Group


New Message Reply About this list Date view Thread view Subject view Author view

 
All trademarks and copyrights are the property of their respective owners.

Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:19