Firewall Wizards mailing list archives
RE: SecureID vs Certificates
From: Ben Nagy <ben.nagy () marconi com au>
Date: Wed, 14 Feb 2001 09:59:17 +1030
First, Volker wrote:
> SecurID is not _as_ secure as people commonly believe:
> http://www.atstake.com/research/reports/initial_securid_analysis.pdf
> http://www.securityfocus.com/archive/1/152525
Depends on what you mean by "commonly". One of those messages _asserts_ that the algorithm is "easily crackable", to which I say "Put up, or shut up". The @stake analysis is much more interesting (and I was happy to actually see the algorithm in the public eye, finally), but didn't seem to advance the field. Everyone already _knew_ it was a 64-bit lossy hash with a mostly-guessable time seed thrown in. If they can deliver on their "further analysis" with a crypto result, I'll _then_ be ready to applaud. Then, Mike...
> From: Michael H. Warfield [mailto:mhw () wittsend com]
> [in response to...]
> > It would seem pretty obvious that SecureID is a better system [...]
>
> Really? "Pretty obvious?" After the algorithm was published on BugTraq and confirmed by another poster (who has RSA connections) and then analyzed by Mudge and King Pin to be basically a 64 bit key system with only 22 bits of time seed and passes the user PIN over the wire? That SecureID? Doesn't seem so obvious to me.
As I said - we knew this. As you noted (which I've snipped) there's a ~ 2^64 chosen plaintext attack. Guessing the time representation probably adds a couple of bits worth, but if you collect LOTS of responses you can probably knock off a couple of notches. So let's settle on 2^64.

I think that "Tough, but not impossible" is optimistic, but reasonable. If that's the easiest way for someone to compromise your security, though, then you're doing pretty darn well. Why wouldn't "they" just hold a gun to your head (and tell you they know your non-duress PIN - would you gamble)?

But we're not debating absolute security - we're talking relative. So, with certs - English has about 1 bit of entropy per byte. "This is not a long enough passphrase to have 64 bits of entropy" - is yours (or your users') longer than that? If not, then a stolen laptop is an easy win. Before people start - it's usually a lot easier to steal a laptop than a SecurID token.

If you're assuming a wire-only attack, then I'll happily agree that properly deployed certs are better - crypto-wise. In terms of a security system, though, George Capehart made some good comments about the critical nature of the RA process. If you don't in-source your CA, IMO, then don't even _think_ about using certs as strong auth. Properly deployed SecurID is pretty crypto-strong as well - if you use CHAP / SSL for your auth channels then the first problem is breaking those - that would put the crypto complexity of both certs and SecurID out-of-bounds (Mike pointed this out, as well).

That leaves us talking about the integrity of the whole system. Certificates still make me nervous. Soft storage, tape backup of certs, admin-stored "emergency" copies of private keys, weak passphrases, dodgy RA processes... call me paranoid, but I would need LOTS of thought before recommending them for strong auth for high security environments.

With that said, I'm sure the RSA guys have been saying that a new version of SecurID is coming / here which drops the Brainard hash in favour of an "open" hash - this will address the crypto concerns (in plenty of time, IMO - yes, we're approaching the wire where 2^64 isn't complex enough, but we're not there yet).

Cheers,

--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520
PGP Key ID: 0x1A86E304

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards