F2 hash?

Jüri Kaljundi jk at stallion.ee
Thu Aug 8 03:56:54 PDT 1996


 Wed, 7 Aug 1996, Adam Shostack wrote:

> Jüri Kaljundi wrote:
> 
> | At Defcon this year they promised to tell about some security flaws in
> | SecurID tokens, anyone know more about that?
> 
> 	My understanding is that the guy who was going to give the
> talk had nda difficulties.  Vin?  Did you make it out?  The talk was
> going to be on race conditions, denial of service attacks, and the
> like.

This is something that seems to be a little problematic to me. Considering
the 3-minute time slot, it seems fairly easy to somehow block the SecurID
server at the time a user is sending his username/passcode, steal that
information and allow a malicious user to enter that information into the
server. Or have I misunderstood some security aspects?

Jüri Kaljundi
AS Stallion
jk at stallion.ee







More information about the cypherpunks-legacy mailing list