[1797] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] RE: Re: RE: Re: Checking remote servers

daemon@ATHENA.MIT.EDU (Dale.Babiy)
Thu May 28 02:43:23 1998

Date: Wed, 27 May 1998 08:23:04 -0700
From: "Dale.Babiy" <Dale.Babiy@gov.yk.ca>
To: linux-security@redhat.com
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

>> application, and then again, it may not.  But it is a handy thing to
>> know is out there.

>Isn't this something like a SecureID type system?

No, SecureID is merely a one time password system for people not swift
enough to handle S/Key :).  That's basically what it is.  The little
card you carry around has a function such that f(time)=x.  Your server
computes f(time)=x, f(time-1)=x1 f(time+1)=X2.  This way it creates a
'window' of possible passwords, and can keep track of clock drift on
your token card.  Time is measured in 60 second windows normally.

An elegant solution and it looks very impressive to people whom you are
trying to convince you are secure :).  You append a PIN to the front of
it, so that if someone simply steals your token you're safe, but it
doesn't do any encryption, etc...

The solution I was referring to on the other hand is a modem set that
has an encryption alg implemented.  The client's key is stored in the
card.  It should be totally transparent to any end
applications/authentication mechanisms.  You could in fact run SecureID
over it. 

Cheers/Dale

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post