Re: Australian "calculatorcard"

-- [ From: amp * EMC.Ver #2.3 ] --

-----BEGIN PGP SIGNED MESSAGE-----

From: Cees de Groot \ Internet: (cg@bofh.toad.com)
To: cypherpunks \ Internet: (cypherpunks@toad.com)
Subject: Australian "calculatorcard"

Hi everybody,

CG> Yesterday, on UK Discovery, there was an item in the programme
CG> Beyond 2000 about an Australian card which implements a
CG> challenge-response protocol and can be used for banking, etcetera.
CG> Basically, you give your card number (over the phone), get a
CG> challenge number, enter your pin and the challenge, and then give the
CG> response. All in CC format...

sounds like the card i use for remote dialup to certain non-public systems i use at work. it has a six digit number on the front that changes every 60 seconds. the card is registered to me. when i enter my username/password i'm prompted for the number. it's Pretty Good (tm) security, but like anything not biometric, it is vulnerable to black-bag attacks. physical possession being all that is required. if you know the algorithm and the serial number of the card and the time, even that isn't necessary.

CG> Can anybody provide me with pointers to more in-depth information
CG> about this device and the algorithm(s) behind it ?

i don't know if there are any net sources for them, but i'd be surprised if not. my card references "security dynamics" of cambridge massachusetts.
amp <0003701548@mcimail.com> (since 10/31/88)
<alan.pugh@internetmci.com>
PGP Key = 57957C9D
PGP FP = FA 02 84 7D 82 57 78 E4 E2 1C 7B 88 62 A6 F9 F7
December 30, 1995 23:29

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMOYRtIdTfgZXlXydAQGengf9EH07ubUAH43THj3l+6kWUjnXDYfe2DFj
CvpEKlFoDkxwllDcIX0KfWK+ENr3YzyQp/yuWU+ZAw/ogci3y5r4IF+oJ4ItrVD6
pZ4AzF5NvXb2KWcnSaQoVsfo3yIt0bfRknuQjGyirntNhLpTkObVygbUmSSNeT8S
hrpGB85IkEoy/km3pntCMfrfA0BrED3GCnNLxVYupY7jM7AxbD+mjHvS8to63bPv
68xjB93b+78ld/O0FPsOP7GQMbUZyTJMiLoNwiMhbgEi8Y4dFTlZ6mF6NMHsDxDy
p/ocbp2dOj0Vy/BFbfbBqCgdjY3FoExRRHpgav8b0Xd4qNydkFDelg==
=MSp2
-----END PGP SIGNATURE-----

> sounds like the card i use for remote dialup to certain non-public systems i use at work. it has a six digit number on the front that changes every 60 seconds.

Do these card systems use a window to handle clock-slip? I'd think you could have the server safely accept # N, N-60 sec, and N+60 seconds; and adjust the server's idea of your card's clock speed from that. What new risk would that create?

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433
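Added example (not from either poster, and not the vendor's code): a small Python model of the server side of a time-synchronised card like the one amp describes, with the one-slot acceptance window (N, N-60 s, N+60 s) David asks about and the drift adjustment that follows a successful match. Deriving the six-digit code with HMAC-SHA1 over a 60-second slot counter is an assumption standing in for the card's undisclosed algorithm; the secret, timestamps and drift values are constructed for the demonstration.

```python
import hashlib
import hmac
import struct

STEP = 60     # seconds per code, matching the card amp describes
DIGITS = 6

def code_for_counter(secret: bytes, counter: int) -> str:
    """Six-digit code for one 60-second slot. HMAC-SHA1 over the slot
    counter is an assumption standing in for the vendor's algorithm."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    return str(int.from_bytes(mac[:4], "big") % 10**DIGITS).zfill(DIGITS)

def card_display(secret: bytes, now: int, drift: int = 0) -> str:
    """What the card shows at Unix time `now` if its clock runs `drift`
    seconds ahead of (negative: behind) true time."""
    return code_for_counter(secret, (now + drift) // STEP)

class CardServer:
    """Verifier holding one card's secret, a learned clock offset (in slots)
    and the last slot already redeemed, so the slip window cannot double
    as a replay window."""

    def __init__(self, secret: bytes, window: int = 1):
        self.secret = secret
        self.window = window        # slots accepted on either side of now
        self.offset = 0             # learned card drift, in slots
        self.last_counter = -1      # highest slot already spent

    def verify(self, code: str, now: int) -> bool:
        base = now // STEP + self.offset
        for delta in range(-self.window, self.window + 1):
            counter = base + delta
            if counter <= self.last_counter:
                continue            # that minute's code was already used
            expected = code_for_counter(self.secret, counter)
            if hmac.compare_digest(expected, code):
                self.offset += delta    # move our idea of the card's clock
                self.last_counter = counter
                return True
        return False

if __name__ == "__main__":
    secret = b"constructed demo secret, not a real card seed"
    server = CardServer(secret)
    now = 1_000_000_000
    code = card_display(secret, now)
    print(server.verify(code, now))                                  # True
    print(server.verify(code, now))                                  # False: replay
    # card running 70 s fast lands one slot ahead: accepted, drift learned
    print(server.verify(card_display(secret, now + 60, drift=70), now + 60))  # True
    print(server.offset)                                             # 1
```

On the risk David asks about: every extra slot in the window is one more code a guessed or overheard number can match, and without the `last_counter` check a code read out over the phone would stay valid for the whole window rather than for one minute. Tracking drift per card, as the model does, is what lets the window stay narrow.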