Re: Token based OTP: SafeWord or SecurID?

[Carson Gaspar <carson () tla org>]

--On Monday, September 18, 2000 11:30 AM -0500 kadokev () msg net wrote:

> I just recently noticed that unlike SecurID, SafeWord has no provision to
> use a PIN in combination with their key fob 'Safeword Silver 2000' token,
> so they are out of the running.

You _probably_ are already aware of this, but just in case: SecurID's 
PIN-PAD just does an add w/o carry of the token and pin, If I remember 
correctly. I'm sure Vin will correct me if I'm wrong :)

BTW: Vin? Did RSA ever fix the initial keying problem with SecurID? Or do 
you still have to jump through hoops to get the node secret transmitted 
securely? For those of you who don't know, it is reasonably easy to recover 
the node secret if you can capture it being sent over the wire during the 
first SecurID login. It is possible to sneakernet the node secret instead, 
but it is a _really_ annoying, and mostly undocumented, hack.

--
Carson Gaspar -- carson () tla org
Queen Trapped in a Butch Body


_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards