Adam Shostack adam at homeport.org
Thu Oct 17 11:48:46 PDT 2002

On Thu, Oct 17, 2002 at 02:39:55PM -0400, Rich Salz wrote:
| Marc Branchaud wrote:
| >Any thoughts on this device?  At first glance, it doesn't seem
| >particularly impressive...
| >
| >http://www.quizid.com/
| Looks like hardware S/Key, doesn't it?
| If I could fool the user into entering a quizcode, then it seems like I 
| could get the device and the admin database out of sync and lock the 
| user out of the system.

Aww, Rich, that trick never works!

More seriously, most of the vendors will search forwards and back
through the expected codes to make the attack less likely to work.
(If authentication is centralized, searching backwards may not be a
security risk.)

I think the most interesting part of this is the unit looks cool, and
its spun slightly differently than other tokens have been.


"It is seldom that liberty of any kind is lost all at once."

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cypherpunks-legacy mailing list