Re: Cryptanalysis of SecurID (ACE/Server)

Perry E. Metzger (perry@piermont.com)
Thu, 01 Oct 1998 18:23:06 -0400

• Next message: Peter Xiao: "Re: VeriSign cert reader?"
• Previous message: Jeff Nisewanger: "Re: VeriSign cert reader?"
• Next in thread: John Moore: "RE: Cryptanalysis of SecurID (ACE/Server)"
• Reply: John Moore: "RE: Cryptanalysis of SecurID (ACE/Server)"

"John Moore" writes:
> > From: Perry E. Metzger [mailto:perry@piermont.com]
> > You honestly think that dial-in can't be interfered with?
>
> All security is a tradeoff. Do you honestly think that crypto systems can't
> be attacked by techniques other than technical (dumpster diving, bribery,
> breakins, etc)?

Since the cost of a secure ID system is no lower than that of fully
encrypting the link, and in fact (given the fact that the cards self
destruct and have to be replaced at high cost) often cost
significantly more, why bother with half measures? Sure, there are
ways to break a crypto system, but if you are bothering with any
security why not do something both cheaper and better?

Perry

• Next message: Peter Xiao: "Re: VeriSign cert reader?"
• Previous message: Jeff Nisewanger: "Re: VeriSign cert reader?"
• Next in thread: John Moore: "RE: Cryptanalysis of SecurID (ACE/Server)"
• Reply: John Moore: "RE: Cryptanalysis of SecurID (ACE/Server)"