[11868] in cryptography@c2.net mail archive


Re: QuizID?

daemon@ATHENA.MIT.EDU (Nicko van Someren)
Thu Oct 17 14:56:59 2002

Date: Thu, 17 Oct 2002 19:55:51 +0100
Cc: Marc Branchaud <marcnarc@rsasecurity.com>,
	cryptography@wasabisystems.com, cypherpunks <cypherpunks@lne.com>
To: Rich Salz <rsalz@datapower.com>
From: Nicko van Someren <nicko@ncipher.com>
In-Reply-To: <3DAF03FB.6080003@datapower.com>

On Thursday, Oct 17, 2002, at 19:39 Europe/London, Rich Salz wrote:

> Marc Branchaud wrote:
>> Any thoughts on this device?  At first glance, it doesn't seem
>> particularly impressive...
>> http://www.quizid.com/
>
> Looks like hardware S/Key, doesn't it?
>
> If I could fool the user into entering a quizcode, then it seems like 
> I could get the device and the admin database out of sync and lock the 
> user out of the system.

[Note: I have an interest, since QuizID use nCipher hardware]

Their device has a neat way of synchronizing the sequence number to the 
server which both avoids the clock drift problems that trouble RSA 
SecurID and means that you'd have to get the user to pass you a large 
number of codes before you got them out of sync with the server.  It 
also helps them avoid some of RSA's later patents which deal with their 
troublesome clock sync problems.

	Nicko


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
