F2 hash?

Adam Shostack adam at homeport.org
Wed Aug 7 23:52:19 PDT 1996


=?ISO-8859-1?Q?J=FCri_Kaljundi?= wrote:

|  Wed, 7 Aug 1996 anonymous-remailer at shell.portal.com wrote:
| 
| > F2 is a secret hash from SecurityDynamics, and is used in
| > their client software.  (Its not the hash in the cards, but
| > if anyone has a copy of that, it might be fun.)
| 
| As I have to deal with SecurID tokens in the nearest future, I would like
| to hear more opinions about these cards. IMHO a proprietary algorithm like
| used in those cards is a bad thing and I would like an open approach much
| more, I still believe SecurID OTP cards are much better then usual
| passwords.

	I happen to run a mailing list, sdadmin, for folks to talk
about SDTI technologies.  Talk to majordomo at jabberwocky.bbnplanet.com.
There are a number of cards out there.  I've been looking at
CryptoCard & SNK recently, as well as V-One's smartmouse & virtual
smart card technologies. 

	I'd be very interested in seeing the algorithims come out,
especially F2.  I have a few attacks that look very nice on paper that
I'd like to try out.

| At Defcon this year they promised to tell about some security flaws in
| SecurID tokens, anyone know more about that?

	My understanding is that the guy who was going to give the
talk had nda difficulties.  Vin?  Did you make it out?  The talk was
going to be on race conditions, denial of service attacks, and the
like.


| Personally I believe that Security Dynamics should come out with some kind
| of new systems in the nearest future, now that they own RSA.=20

This should be interesting, if they can find people to make things
happen before 2000.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







More information about the cypherpunks-legacy mailing list