[11841] in cryptography@c2.net mail archive
Re: Microsoft marries RSA Security to Windows
daemon@ATHENA.MIT.EDU (Ed Gerck)
Thu Oct 10 17:19:55 2002
Date: Wed, 09 Oct 2002 08:56:50 -0700
From: Ed Gerck <egerck@nma.com>
To: roy@scytale.com
Cc: cryptography@wasabisystems.com
Tamper-resistant hardware is out, second channel with remote source is in.
Trust can be induced this way too, and better. There is no need for PRNG in plain
view, no seed value known. Delay time of 60 seconds (or more) is fine because
each one-time code applies only to one page served.
Please take a look at:
http://www.rsasecurity.com/products/mobile/datasheets/SIDMOB_DS_0802.pdf
and http://nma.com/zsentry/
Microsoft's move is good, RSA gets a good ride too, and the door may open
for a standards-based two-channel authentication method.
Cheers,
Ed Gerck
"Roy M.Silvernail" wrote:
> On Tuesday 08 October 2002 10:11 pm, it was said:
>
> > Microsoft marries RSA Security to Windows
> > http://www.theregister.co.uk/content/55/27499.html
>
> [...]
>
> > The first initiatives will centre on Microsoft's licensing of RSA SecurID
> > two-factor authentication software and RSA Security's development of an RSA
> > SecurID Software Token for Pocket PC.
>
> And here, I thought that a portion of the security embodied in a SecurID
> token was the fact that it was a tamper-resistant, independent piece of
> hardware. Now M$ wants to put the PRNG out in plain view, along with its
> seed value. This cherry is just begging to be picked by some blackhat,
> probably exploiting a hole in Pocket Outlook.
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
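
An added example, not part of the original message and not the implementation of either product linked above: server-side handling of a one-time code that is bound to a single served page and delivered over a second channel, so that no generator or seed lives on the client device. The class name, the 8-digit code format, the 300-second lifetime and the attempt limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


class PageCodeIssuer:
    """Server side: per-page one-time codes sent over a second channel."""

    def __init__(self, ttl_seconds=300, max_attempts=3, clock=time.monotonic):
        self.ttl = ttl_seconds          # assumed; well above a 60 s delivery delay
        self.max_attempts = max_attempts
        self.clock = clock
        self._pending = {}              # (session, page) -> [digest, expiry, tries]

    @staticmethod
    def _digest(session_id, page_id, code):
        # Store only a hash bound to session and page, never the code itself.
        msg = f"{session_id}\x00{page_id}\x00{code}".encode()
        return hashlib.sha256(msg).digest()

    def issue(self, session_id, page_id):
        """Create a code for one page; the caller sends it out of band."""
        code = f"{secrets.randbelow(10**8):08d}"   # server CSPRNG, no client seed
        self._pending[(session_id, page_id)] = [
            self._digest(session_id, page_id, code),
            self.clock() + self.ttl,
            0,
        ]
        return code

    def verify(self, session_id, page_id, code):
        """Accept a code once, for the page it was issued for, before expiry."""
        key = (session_id, page_id)
        entry = self._pending.get(key)
        if entry is None:
            return False                # never issued, or already consumed
        digest, expiry, tries = entry
        if self.clock() > expiry or tries >= self.max_attempts:
            del self._pending[key]      # expired or guessed too often
            return False
        entry[2] = tries + 1
        if hmac.compare_digest(digest, self._digest(session_id, page_id, code)):
            del self._pending[key]      # one-time: consumed on success
            return True
        return False
```

Because validity is tied to the page and to single use rather than to a synchronised clock, a code that arrives a minute late over the second channel is still accepted, while a replayed code or one presented for a different page is rejected.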