F2 hash?
Jüri Kaljundi
jk at stallion.ee
Thu Aug 8 03:56:54 PDT 1996
Wed, 7 Aug 1996, Adam Shostack wrote:
> Jüri Kaljundi wrote:
>
> | At Defcon this year they promised to tell about some security flaws in
> | SecurID tokens, anyone know more about that?
>
> My understanding is that the guy who was going to give the
> talk had nda difficulties. Vin? Did you make it out? The talk was
> going to be on race conditions, denial of service attacks, and the
> like.
This is something that seems to be a little problematic to me. Considering
the 3-minute time slot, it seems fairly easy to somehow block the SecurID
server at the time a user is sending his username/passcode, steal that
information and allow a malicious user to enter that information into the
server. Or have I misunderstood some security aspects?
Jüri Kaljundi
AS Stallion
jk at stallion.ee
More information about the cypherpunks-legacy
mailing list