Home page logo

firewall-wizards logo Firewall Wizards mailing list archives

Re: Token based OTP: SafeWord or SecurID?
From: Stephen Legge <stephen () cryptocard com>
Date: 16 Nov 2000 18:48:41 -0000

There is a PIN PAD version of the SecureID in 
which you type the
PIN into a keypad on the SecureID card or fob.  
The PIN is
combined with the time dependent code number 
(which normally
shows up in the LCD in the standard version) and 
the newly
factored number is displayed in the LCD.  You 
then type in and
send this new number to the remote prompt.  
Therefore the PIN
is not sent across a communications channel in 
the clear.
SafeWord has similar functionality in 
their 'Platinum' token, as does
Axent and CryptoCard. The SafeWord token is 
interesting in that it appears
to offer the option of storing up to ten(?) distinct 
host keys, including
one SecureNetKey/DES token . SNK is the DES 
Challenge-Response scheme used by
Axent, and supported by Gauntlet, FWTK, and 
SafeWord auth servers.

We've seen too many of the large-format tokens 
destroyed by user error, so
this project is focusing on the smaller 'keyfob' 

It appears that CryptoCard actually supports 
entering a PIN into their keyfob
format token, even though it only has a single 
button. The sales person I
spoke with couldn't give a very good description as 
to how this works.

I spotted this posting and I thought I'd chime in and 
hopefully clear this up for you.
The Cryptocard KeyChain Token (or KeyFob token) 
does accepts pins and uses only a single button.  
They way we accomplished this was quite clever (if I 
do say so myself ;-).
The first pin digit gently cycles from 0 to 9 (and 
also "<" for backspace, and "E" for enter).  The user 
simply presses the button when the required first digit 
is shown.  Then the second pin digit cycles the same 
way.  The third, the fourth, and so on.
When the full pin has been entered, the user 
selects "E" to enter (or "<" to backspace).

Also, keep in mind that the use of the pin is optional 
and the administrator can be easily initialize a user's 
token with no pin required.
I hope this clears things up.  We're very proud of our 
entire line of Secure Password tokens -- and we feel 
they are a better value and more cost effective than 
the alternatives in the industry.
Please feel free to contact me with any questions you 
have, I'd be very interested in hearing about how you 
are planning to deploy a strong-authentication system!
Have a nice day,
Stephen Legge
Stephen () Cryptocard com

firewall-wizards mailing list
firewall-wizards () nfr com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]