Bugtraq mailing list archives
Re: swc / ActivCard
From: John Fulmer <John.Fulmer () LEVEL3 COM>
Date: Mon, 21 Aug 2000 10:27:55 -0600
Alan DeKok wrote:
The ActivCard product uses the industry standard X9.9 challenge-response algorithm.[1]
Some ActivCard tokens implement a standard X9.9 mode, but most ActivCard tokens use a proprietary, time and event based modification to the X9.9 algorithm to generate their one time passwords in a synchronous mode. An overview of what ActivCard does may be found in a white paper at http://www.activcard.com/activ/services/library/synchronous_authentication.pdf The time element may be what is introducing the perceived 'limited randomness' of the token.
So far as I recall, X9.9 does NOT define a method for calculating a series of one-time passwords. It assumes that the challenge is a random number. (i.e. generated via a cryptographically strong method.)
No, but it is fairly common to do an event synchronous mode with an 'X9.9' token. Heck, Cryptocard does that. jf
Current thread:
- swc / ActivCard Michal Zalewski (Aug 18)
- Re: swc / ActivCard Alan DeKok (Aug 18)
- Re: swc / ActivCard John Fulmer (Aug 21)
- Re: swc / ActivCard Alan DeKok (Aug 21)
- Re: swc / ActivCard Michal Zalewski (Aug 21)
- Re: swc / ActivCard Vin McLellan (Aug 23)
- Re: swc / ActivCard Michal Zalewski (Aug 23)
- Re: swc / ActivCard Alan DeKok (Aug 25)
- Re: swc / ActivCard Michal Zalewski (Aug 25)
- Re: swc / ActivCard Michal Zalewski (Aug 25)
- Re: swc / ActivCard Alan DeKok (Aug 18)
- Re: swc / ActivCard Steve VanDevender (Aug 25)