=?ISO-8859-1?Q?J=FCri_Kaljundi?= wrote: | Wed, 7 Aug 1996 anonymous-remailer@shell.portal.com wrote: | | > F2 is a secret hash from SecurityDynamics, and is used in | > their client software. (Its not the hash in the cards, but | > if anyone has a copy of that, it might be fun.) | | As I have to deal with SecurID tokens in the nearest future, I would like | to hear more opinions about these cards. IMHO a proprietary algorithm like | used in those cards is a bad thing and I would like an open approach much | more, I still believe SecurID OTP cards are much better then usual | passwords. I happen to run a mailing list, sdadmin, for folks to talk about SDTI technologies. Talk to majordomo@jabberwocky.bbnplanet.com. There are a number of cards out there. I've been looking at CryptoCard & SNK recently, as well as V-One's smartmouse & virtual smart card technologies. I'd be very interested in seeing the algorithims come out, especially F2. I have a few attacks that look very nice on paper that I'd like to try out. | At Defcon this year they promised to tell about some security flaws in | SecurID tokens, anyone know more about that? My understanding is that the guy who was going to give the talk had nda difficulties. Vin? Did you make it out? The talk was going to be on race conditions, denial of service attacks, and the like. | Personally I believe that Security Dynamics should come out with some kind | of new systems in the nearest future, now that they own RSA.=20 This should be interesting, if they can find people to make things happen before 2000. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume