Re: Cryptanalysis of SecurID (ACE/Server)


Greg Rose (ggr@qualcomm.com)
Mon, 5 Oct 1998 19:15:35 -0400


At 17:41 5/10/98 -0400, Marcus Watts wrote:
>Hm. So much for theory. Surely they're more rugged than
>laptops though?

Yeah, when I put the laptop in my wallet, they *both* broke.

Sorry, couldn't resist. Seriously though, I carry my old-format SecurID
card with my business cards, and have no problem. Sitting on them breaks
them though.

The newer ones are in the form of a keyfob, and are apparently more robust
(but you wouldn't want to sit on them either).

We (QUALCOMM) use SecurID tokens to authenticate to SSH for the only
opening in the firewall. The reason we do this is that unsophisticated
users often fail to set passwords on their SSH keys on their laptops, and
laptops are a target for theft in their own right, so it is just too big a
security exposure. The security administrators have no control over the
existence or quality of a password which exists only on the laptop, but
they do have control over the "PIN" (really a password) which goes with the
SecurID token. So needing the token to authenticate SSH means that the
session is still protected, as Perry requires, and stealing the laptop
doesn't by itself breach the perimeter. You can use SSH from an untrusted
machine (which you shouldn't do with RSA authentication), and still not
allow future connections.

Greg.

Greg Rose INTERNET: ggr@Qualcomm.com
Qualcomm Australia VOICE: +61-2-9181-4851 FAX: +61-2-9181-5470
Suite 410, Birkenhead Point, http://people.qualcomm.com/ggr/
Drummoyne NSW 2047 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C



The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:19