Firewall Wizards mailing list archives
Re: Token based OTP: SafeWord or SecurID?
From: Carson Gaspar <carson () tla org>
Date: Mon, 18 Sep 2000 17:32:33 -0700
--On Monday, September 18, 2000 11:30 AM -0500 kadokev () msg net wrote:
I just recently noticed that unlike SecurID, SafeWord has no provision to use a PIN in combination with their key fob 'Safeword Silver 2000' token, so they are out of the running.
You _probably_ are already aware of this, but just in case: SecurID's PIN-PAD just does an add w/o carry of the token and pin, If I remember correctly. I'm sure Vin will correct me if I'm wrong :)
BTW: Vin? Did RSA ever fix the initial keying problem with SecurID? Or do you still have to jump through hoops to get the node secret transmitted securely? For those of you who don't know, it is reasonably easy to recover the node secret if you can capture it being sent over the wire during the first SecurID login. It is possible to sneakernet the node secret instead, but it is a _really_ annoying, and mostly undocumented, hack.
-- Carson Gaspar -- carson () tla org Queen Trapped in a Butch Body _______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
Current thread:
- Token based OTP: SafeWord or SecurID? kadokev (Sep 13)
- Re: Token based OTP: SafeWord or SecurID? Vin McLellan (Sep 16)
- Re: Token based OTP: SafeWord or SecurID? kadokev (Sep 18)
- Re: Token based OTP: SafeWord or SecurID? Carson Gaspar (Sep 19)
- Re: Token based OTP: SafeWord or SecurID? Rick Smith (Sep 20)
- Re: Token based OTP: SafeWord or SecurID? H. Morrow Long (Sep 22)
- Re: Token based OTP: SafeWord or SecurID? daN. (Sep 25)
- Re: Token based OTP: SafeWord or SecurID? Rick Smith (Sep 25)
- Re: Token based OTP: SafeWord or SecurID? kadokev (Sep 18)
- Re: Token based OTP: SafeWord or SecurID? Vin McLellan (Sep 16)
- Re: Token based OTP: SafeWord or SecurID? Joseph S D Yao (Sep 19)
- Re Token based OTP SafeWord or SecurID? offset (Sep 22)
- Message not available
- Re: Re Token based OTP SafeWord or SecurID? Joseph S D Yao (Sep 23)