At 01:27 AM 8/8/96 +0300, you wrote:
As I have to deal with SecurID tokens in the nearest future, I would like to hear more opinions about these cards. IMHO a proprietary algorithm like used in those cards is a bad thing and I would like an open approach much more, I still believe SecurID OTP cards are much better then usual passwords.
At Defcon this year they promised to tell about some security flaws in SecurID tokens, anyone know more about that?
Personally I believe that Security Dynamics should come out with some kind of new systems in the nearest future, now that they own RSA.
Have you seen Mudge's white paper on S/Key? It isn't specifically regarding SecurID, but many of the flaws he discusses are fundamental to the nature of both S/Key and SecurID (and other OTP schemes), so apply to SecurID as well... //cerridwyn//
Thu, 8 Aug 1996, peng-chiew low wrote:
Cerridwyn Llewyellyn wrote:
Have you seen Mudge's white paper on S/Key?
Any ideas how I can get my hands on this paper?
http://l0pht.com/~mudge/skey_white_paper.html Jüri Kaljundi AS Stallion jk@stallion.ee
participants (3)
-
Cerridwyn Llewyellyn -
Jüri Kaljundi -
peng-chiew low