Firewall Wizards mailing list archives
Re: Token based OTP: SafeWord or SecurID?
From: Stephen Legge <stephen () cryptocard com>
Date: 16 Nov 2000 18:48:41 -0000
There is a PIN PAD version of the SecureID in
which you type the
PIN into a keypad on the SecureID card or fob.
The PIN is
combined with the time dependent code number
(which normally
shows up in the LCD in the standard version) and
the newly
factored number is displayed in the LCD. You
then type in and
send this new number to the remote prompt.
Therefore the PIN
is not sent across a communications channel in
the clear.
SafeWord has similar functionality in
their 'Platinum' token, as does
Axent and CryptoCard. The SafeWord token is
interesting in that it appears
to offer the option of storing up to ten(?) distinct
host keys, including
one SecureNetKey/DES token . SNK is the DES
Challenge-Response scheme used by
Axent, and supported by Gauntlet, FWTK, and
SafeWord auth servers.
We've seen too many of the large-format tokens
destroyed by user error, so
this project is focusing on the smaller 'keyfob'
tokens.
It appears that CryptoCard actually supports
entering a PIN into their keyfob
format token, even though it only has a single
button. The sales person I
spoke with couldn't give a very good description as
to how this works. I spotted this posting and I thought I'd chime in and hopefully clear this up for you. The Cryptocard KeyChain Token (or KeyFob token) does accepts pins and uses only a single button. They way we accomplished this was quite clever (if I do say so myself ;-). The first pin digit gently cycles from 0 to 9 (and also "<" for backspace, and "E" for enter). The user simply presses the button when the required first digit is shown. Then the second pin digit cycles the same way. The third, the fourth, and so on. When the full pin has been entered, the user selects "E" to enter (or "<" to backspace). Also, keep in mind that the use of the pin is optional and the administrator can be easily initialize a user's token with no pin required. I hope this clears things up. We're very proud of our entire line of Secure Password tokens -- and we feel they are a better value and more cost effective than the alternatives in the industry. Please feel free to contact me with any questions you have, I'd be very interested in hearing about how you are planning to deploy a strong-authentication system! Have a nice day, Stephen Legge Stephen () Cryptocard com _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Token based OTP: SafeWord or SecurID? Stephen Legge (Nov 17)
- <Possible follow-ups>
- Re: Token based OTP: SafeWord or SecurID? ark (Nov 18)
- Re: Token based OTP: SafeWord or SecurID? Tommy Ward (Nov 23)
- Re: Token based OTP: SafeWord or SecurID? Steven M. Bellovin (Nov 24)
- RE: Token based OTP: SafeWord or SecurID? Ben Nagy (Nov 24)
- RE: Token based OTP: SafeWord or SecurID? John Adams (Nov 26)
- RE: Token based OTP: SafeWord or SecurID? Ben Nagy (Nov 28)