[1067] in cryptography@c2.net mail archive
Re: Thoughts on the next target.
daemon@ATHENA.MIT.EDU (Marcus Leech)
Mon Jun 23 22:43:17 1997
From: "Marcus Leech" <mleech@nortel.ca>
To: dpj@world.std.com (David P. Jablon)
Date: Mon, 23 Jun 1997 21:59:54 -0500 (EDT)
Cc: cryptography@c2.net
In-Reply-To: <3.0.1.16.19970623190851.2caf76be@world.std.com> from "David P. Jablon" at Jun 23, 97 07:08:51 pm
>
> Any of several widely-used challenge/response password
> systems make attractive targets. A simple marriage
> of a dictionary cracker connected to a strategically-placed
> network sniffer, should produce an embarrassing flood of results.
>
Many of these systems (CryptoCard, etc.) use DES in one mode or another,
and the ones that don't use DES use a proprietary hash function.
I think it's "splashier" to demonstrate weakness in widely publicized,
and widely used (in the used-in-more-than-one-application sense)
algorithms.
Brute-forcing the SecurID hash algorithm, for example, would require
that someone violate their license agreement with Security Dynamics/RSA.
"Algorithm Thieves today showed that SecurID cards aren't as secure
as manufacturer claims".
--
----------------------------------------------------------------------
Marcus Leech Mail: Dept 8M86, MS 238, CAR
Systems Security Architect Phone: (ESN) 393-9145 +1 613 763 9145
Systems Security Services Fax: (ESN) 395-1407 +1 613 765 1407
Nortel Technology mleech@nortel.ca
-----------------Expressed opinions are my own, not my employer's------