18 Mar
2011
18 Mar
'11
11:35 p.m.
Anyone know what is going on? RSA have been pretty cagey about it -- I know more about Three Mile Island, Chernobyl, and the Japanese nuclear disasters combined than about what has actually happened at RSA. If I had to guess, I'd guess that securid uses a super-master secret, from which they generate a master secret for each enterprise. Then when RSA provisions a token for an enterprise, they generate the individual secret from the enterprise master secret. I have not read up on securid for years. The kind of fuss over this break-in would be consistent with someone stealing enterprise master secrets. Any better conjectures? Or, better still, any actual information? Mike