Firewall Wizards mailing list archives

Re: Security urban legends


From: Vin McLellan <vin () shore net>
Date: Thu, 11 Nov 1999 03:23:04 -0500

At 11:32 AM 11/1/99 -0500, Marcus J. Ranum wrote:

Hmmm.... Is it getting time for a security urban legends FAQ? I could
take up a collection. :)

<snip>

Anyone got any other candidates? :)

        Gawd help me, the number of times I've had to explain to people
that, despite what they've been told, the serial number embossed on the back
of SecurID tokens is _not_ the token's secret seed (which is hashed with
Current Time to continuously generate the 60-second tokencode displayed on a
SecurID's LCD.)

        Or -- this one courtesy of SOFTWAR, repeated regularly on the
fervent Right -- with a $100K donation to the Clinton/Gore campaign
fundraisers, one of the investment bankers for Security Dynamics (now RSA
Security) managed to purchase control of US crypto export policy and
selectively opened and shut the crypto export gate, while the BXA
hard-liners stood by silently and helplessly.

        Or -- more recently, courtesy of the Times (UK), and subsequently
hyped by several Japanese and Korean papers -- reports that a secret Israeli
research project has developed a hand-held quantum computing device which can
crack 1024/128 SSL within a fraction of a second.

        _Vin

        

        


mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr




