RSA hacked
Michael Nelson
nelson_mikel at yahoo.com
Fri Mar 18 11:32:48 PDT 2011
Anyone know what is going on? RSA have been pretty cagey about it -- I know more about Three Mile Island, Chernobyl, and the Japanese nuclear disasters combined than about what has actually happened at RSA.
If I had to guess, I'd guess that SecurID uses a super-master secret, from which they generate a master secret for each enterprise. Then when RSA provisions a token for an enterprise, they generate the individual secret from the enterprise master secret. I have not read up on SecurID for years. The kind of fuss over this break-in would be consistent with someone stealing enterprise master secrets.
Any better conjectures? Or, better still, any actual information?
Mike
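The three-level hierarchy conjectured in the message above, as an added sketch that is not part of the original post and does not describe RSA's actual design: it shows how much of a deployment each level of leaked secret would let someone regenerate. HMAC-SHA256 as the derivation function, the labels, the enterprise names and the token serials are all assumptions constructed for illustration.

```python
import hashlib
import hmac

def derive(parent: bytes, label: str) -> bytes:
    """One-way child key from a parent key (assumed KDF: HMAC-SHA256)."""
    return hmac.new(parent, label.encode(), hashlib.sha256).digest()

def enterprise_master(super_master: bytes, enterprise_id: str) -> bytes:
    return derive(super_master, "enterprise:" + enterprise_id)

def token_secret(ent_master: bytes, serial: str) -> bytes:
    return derive(ent_master, "token:" + serial)

def provision(super_master, deployed):
    """Vendor side: the secret for every (enterprise, serial) pair."""
    return {(e, s): token_secret(enterprise_master(super_master, e), s)
            for e, serials in deployed.items() for s in serials}

def recomputable(held_masters, deployed, truth):
    """Tokens whose secret can be regenerated from the enterprise masters held.

    held_masters maps enterprise id -> the master key someone possesses.
    Serials are assumed to be known (they are not secret in this model).
    """
    hits = []
    for e, master in held_masters.items():
        for s in deployed.get(e, []):
            if hmac.compare_digest(token_secret(master, s), truth[(e, s)]):
                hits.append((e, s))
    return sorted(hits)

# Constructed sample deployment, not real data.
SUPER = bytes(range(32))
DEPLOYED = {"acme": ["000101", "000102"], "globex": ["000201"]}
TRUTH = provision(SUPER, DEPLOYED)

def leak_enterprise(enterprise_id):
    """Exposure if one enterprise master secret is stolen."""
    held = {enterprise_id: enterprise_master(SUPER, enterprise_id)}
    return recomputable(held, DEPLOYED, TRUTH)

def leak_super():
    """Exposure if the super-master is stolen: every enterprise master follows."""
    held = {e: enterprise_master(SUPER, e) for e in DEPLOYED}
    return recomputable(held, DEPLOYED, TRUTH)

if __name__ == "__main__":
    print("enterprise master 'acme' leaked:", leak_enterprise("acme"))
    print("super-master leaked:           ", leak_super())
```

In this model an enterprise master exposes only that enterprise's tokens, while the super-master exposes every token ever provisioned, which is why the level at which a theft occurred determines how many tokens must be replaced.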