Re: Token based OTP: SafeWord or SecurID?

["Steven M. Bellovin" <smb () research att com>]

In message <4.3.2.7.2.20001121152602.01d06a98@127.0.0.1>, Tommy Ward writes:
> As far as the algorithm, it is patented, and it is implemented in several
> software products, including the ACE/Server and the software version of
> the token.  That means it is not really very secret....
>
> What makes me wonder more about the "secret technology" involved in this
> case is the deduced limitation on the crypto used.  If you think about the
> hardware based SecurID card having up to a 4 year battery life, and the most
> basic version displays a new OTP every 60 seconds whether you need it or
> not, there can't be a very large number of clock cycles involved in computing
> the OTP.   By comparison, we used to see about a 2 year battery life on
> the old SNK token, which used an 8-bit processor to perform a single DES
> computation to generate its OTP, and only did so when you need a new
> OTP to authenticate with.
>
> I would guess that a brute force analysis should be able to compromise
> any given SecurID account in a short period of time.  If you had only a
> few samples of plain text (the time of day) and cypher
> text (the OTP), this should be a computationally easy task.
>
> If you can pry it out of him, Mudge did enough work on this in about
> 1995 to prepare a paper on the subject, but he got "persuaded" not to
> release it.

First of all, I don't think the algorithm is patented.  Rather, it's a 
trade secret.  The crypto is home-grown because they didn't have the 
cycles to do DES.  And you're not going to brute-force the algorithm.  
Apart from the key being too long, it doesn't show all of the output.

Yes, I've seen the algorithm, under NDA.

                --Steve Bellovin



_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards