Firewall Wizards mailing list archives
Re: Token based OTP: SafeWord or SecurID?
From: Rick Smith <rick_smith () securecomputing com>
Date: Wed, 20 Sep 2000 10:22:46 -0500
--On Monday, September 18, 2000 11:30 AM -0500 kadokev () msg net wrote:I just recently noticed that unlike SecurID, SafeWord has no provision to use a PIN in combination with their key fob 'Safeword Silver 2000' token, so they are out of the running.
I've been told that the SecurID PIN is essentially a reusable password, consisting of digits, that's used in conjunction with the key fob. To log in, you enter both the number on the fob and the reusable password.
The advantage is that attackers must work harder -- they must first intercept a successful login to retrieve the reusable part and then steal the fob to get the one time part. Furthermore, it involves less hardware since the fob doesn't need a keypad.
On the other hand, it makes the PIN weaker since it can be sniffed. Does anyone think this matters?
Disclaimer: I work for Secure Computing, which builds SafeWord. I want to be sure I understand the relevant difference between the two.
Rick. smith () securecomputing com roseville, minnesota _______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
Current thread:
- Token based OTP: SafeWord or SecurID? kadokev (Sep 13)
- Re: Token based OTP: SafeWord or SecurID? Vin McLellan (Sep 16)
- Re: Token based OTP: SafeWord or SecurID? kadokev (Sep 18)
- Re: Token based OTP: SafeWord or SecurID? Carson Gaspar (Sep 19)
- Re: Token based OTP: SafeWord or SecurID? Rick Smith (Sep 20)
- Re: Token based OTP: SafeWord or SecurID? H. Morrow Long (Sep 22)
- Re: Token based OTP: SafeWord or SecurID? daN. (Sep 25)
- Re: Token based OTP: SafeWord or SecurID? Rick Smith (Sep 25)
- Re: Token based OTP: SafeWord or SecurID? kadokev (Sep 18)
- Re: Token based OTP: SafeWord or SecurID? Vin McLellan (Sep 16)
- Re: Token based OTP: SafeWord or SecurID? Joseph S D Yao (Sep 19)
- Re Token based OTP SafeWord or SecurID? offset (Sep 22)
- Message not available
- Re: Re Token based OTP SafeWord or SecurID? Joseph S D Yao (Sep 23)