|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: swc / ActivCard
From: John Fulmer (John.Fulmer
LEVEL3.COM)Date: Mon Aug 21 2000 - 11:27:55 CDT
- Next message: Alan DeKok: "Re: swc / ActivCard"
- Previous message: Alan Cox: "Security update for Gnome-Lokkit"
- In reply to: Alan DeKok: "Re: swc / ActivCard"
- Next in thread: Alan DeKok: "Re: swc / ActivCard"
- Reply: John Fulmer: "Re: swc / ActivCard"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Alan DeKok wrote:
>
> The ActivCard product uses the industry standard X9.9
> challenge-response algorithm.[1]
Some ActivCard tokens implement a standard X9.9 mode, but most ActivCard
tokens use a proprietary, time and event based modification to the X9.9
algorithm to generate their one time passwords in a synchronous mode.
An overview of what ActivCard does may be found in a white paper at
http://www.activcard.com/activ/services/library/synchronous_authentication.pdf
The time element may be what is introducing the perceived 'limited
randomness' of the token.
> So far as I recall, X9.9 does NOT define a method for calculating a
> series of one-time passwords. It assumes that the challenge is
> a random number. (i.e. generated via a cryptographically strong
> method.)
No, but it is fairly common to do an event synchronous mode with an
'X9.9' token. Heck, Cryptocard does that.
jf
- Next message: Alan DeKok: "Re: swc / ActivCard"
- Previous message: Alan Cox: "Security update for Gnome-Lokkit"
- In reply to: Alan DeKok: "Re: swc / ActivCard"
- Next in thread: Alan DeKok: "Re: swc / ActivCard"
- Reply: John Fulmer: "Re: swc / ActivCard"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]