RE: Cryptanalysis of SecurID (ACE/Server)

John Moore (jmoore@speedchoice.com)
Wed, 30 Sep 1998 22:45:18 -0700

• Previous message: Anonymous: "(no subject)"

Okay,
        How hard is it to hijack a TCP session these days? Say that it is between
whatever client and a firewall?

        BTW... the objections to SecureID presumably do not apply to dial-in
sessions onto a "secure" (I recognize the non-absoluteness of this) network.

John

jmoore@speedchoice.com <mailto:jmoore@speedchoice.com>

> -----Original Message-----
> From: owner-CodherPlunks@toad.com [mailto:owner-CodherPlunks@toad.com]On
> Behalf Of Perry E. Metzger
> Sent: Monday, September 28, 1998 7:15 PM
> To: Michael Bauer
> Cc: CodherPlunks
> Subject: Re: Cryptanalysis of SecurID (ACE/Server)
>
>
>
> Michael Bauer writes:
> > Has anybody performed or know of a cryptanalysis of the time-based
> > password system used by Security Dynamics' SecurID - ACE/Server
> system? I
> > heard a rumor that "holes" had been found in it.
>
> It matters little. One time tokens are of limited utility in an
> environment where you can seize an unprotected link after the one time
> token is used to authenticate. In a world of TCP hijacking, who cares
> if the one time system is good?
>
> PErry
>

• Previous message: Anonymous: "(no subject)"