Firewall Wizards mailing list archives
RE: SecureID vs Certificates
From: Frank Knobbe <FKnobbe () KnobbeITS com>
Date: Wed, 14 Feb 2001 11:42:27 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-----Original Message----- From: Michael H. Warfield [mailto:mhw () wittsend com] Sent: Monday, February 12, 2001 5:25 PM Really? "Pretty obvious?" After the algorithm was published on BugTraq and confirmed by another poster (who has RSA connections) and then analyzed by Mudge and King Pin to be basically a 64 bit key system with only 22 bits of time seed and passes the user PIN over the wire? That SecureID? Doesn't seem so obvious to me.
That may be, but there are other tokens out there besides SecureID. I prefer the Digipass from Vasco.
If they sniff the wire for a few token entries passed in clear and record your PIN, the token, and the time, I would say they have a 64 bit plaintext attack on your token card. Tough, but not impossible. [...]
hehe, that's actually one of the reasons I prefer Vasco. The pin never gets transmitted, it's only used to unlock the token (which means you have to type the pin into the token). I could go on about the differences between, but I don't want to turn this into a 'who has the best token' thread. I just want to remind everyone that SecureID is not the only token on the market. Shop and compare for yourself. Regards, Frank -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.8 Comment: PGP or S/MIME encrypted email preferred. iQA/AwUBOorDg5ytSsEygtEFEQJWWQCfRdwiYH9sBgNRXRRBGyUO7r1f/vMAoICP 25+N4SlBjs8zlRibYdik/oJa =hcZw -----END PGP SIGNATURE----- _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: SecureID vs Certificates, (continued)
- Re: SecureID vs Certificates Darren Reed (Feb 13)
- Re: SecureID vs Certificates Michael H. Warfield (Feb 13)
- Re: SecureID vs Certificates Volker Tanger (Feb 13)
- RE: SecureID vs Certificates Bill Jaeger (Feb 15)
- Re: SecureID vs Certificates Volker Tanger (Feb 15)
- RE: SecureID vs Certificates Bill Jaeger (Feb 15)
- Re: SecureID vs Certificates Marcus J. Ranum (Feb 14)
- Re: SecureID vs Certificates Peter Lukas (Feb 15)
- Re: SecureID vs Certificates Jeffery . Gieser (Feb 13)
- Re: SecureID vs Certificates Gregory Hicks (Feb 13)
- RE: SecureID vs Certificates Ben Nagy (Feb 15)
- RE: SecureID vs Certificates Frank Knobbe (Feb 15)
- RE: SecureID vs Certificates Wigg, Guy G (Feb 15)
- RE: SecureID vs Certificates Nigel Willson (Feb 16)