Wed, 7 Aug 1996 anonymous-remailer@shell.portal.com wrote:
F2 is a secret hash from SecurityDynamics, and is used in their client software. (Its not the hash in the cards, but if anyone has a copy of that, it might be fun.)
As I have to deal with SecurID tokens in the nearest future, I would like to hear more opinions about these cards. IMHO a proprietary algorithm like used in those cards is a bad thing and I would like an open approach much more, I still believe SecurID OTP cards are much better then usual passwords. At Defcon this year they promised to tell about some security flaws in SecurID tokens, anyone know more about that? Personally I believe that Security Dynamics should come out with some kind of new systems in the nearest future, now that they own RSA. Jüri Kaljundi AS Stallion jk@stallion.ee