mailing list archives
Re: Token based OTP: SafeWord or SecurID?
From: "Steven M. Bellovin" <smb () research att com>
Date: Wed, 22 Nov 2000 17:52:17 -0500
In message <126.96.36.199.2.20001121152602.01d06a98 () 127 0 0 1>, Tommy Ward writes:
As far as the algorithm, it is patented, and it is implemented in several
software products, including the ACE/Server and the software version of
the token. That means it is not really very secret....
What makes me wonder more about the "secret technology" involved in this
case is the deduced limitation on the crypto used. If you think about the
hardware based SecurID card having up to a 4 year battery life, and the most
basic version displays a new OTP every 60 seconds whether you need it or
not, there can't be a very large number of clock cycles involved in computing
the OTP. By comparison, we used to see about a 2 year battery life on
the old SNK token, which used an 8-bit processor to perform a single DES
computation to generate its OTP, and only did so when you need a new
OTP to authenticate with.
I would guess that a brute force analysis should be able to compromise
any given SecurID account in a short period of time. If you had only a
few samples of plain text (the time of day) and cypher
text (the OTP), this should be a computationally easy task.
If you can pry it out of him, Mudge did enough work on this in about
1995 to prepare a paper on the subject, but he got "persuaded" not to
First of all, I don't think the algorithm is patented. Rather, it's a
trade secret. The crypto is home-grown because they didn't have the
cycles to do DES. And you're not going to brute-force the algorithm.
Apart from the key being too long, it doesn't show all of the output.
Yes, I've seen the algorithm, under NDA.
firewall-wizards mailing list
firewall-wizards () nfr com