[41708] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: RSA SecurID SID800 Token vulnerable by design

daemon@ATHENA.MIT.EDU (Sean W. Smith)
Sat Sep 9 14:30:43 2006

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <20060907185121.GA11964@danisch.de>
Cc: cryptography@metzdowd.com
From: "Sean W. Smith" <sws@cs.dartmouth.edu>
Date: Sat, 9 Sep 2006 09:06:36 -0400
To: Hadmut Danisch <hadmut@danisch.de>

One can have a lot of fun with key-wielding tokens, especially on  
Windows.  See:

J. Marchesini, S.W. Smith, M. Zhao.
"Keyjacking: the Surprising Insecurity of Client-side SSL."
Computers and Security.
4 (2): 109-123. March 2005.
http://www.cs.dartmouth.edu/~sws/pubs/msz05.pdf

--Sean

Sean W. Smith   sws@cs.dartmouth.edu  www.cs.dartmouth.edu/~sws/
Department of Computer Science, Dartmouth College, Hanover NH USA

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[41708] in cryptography@c2.net mail archive

Re: RSA SecurID SID800 Token vulnerable by design

daemon@ATHENA.MIT.EDU (Sean W. Smith)Sat Sep 9 14:30:43 2006

daemon@ATHENA.MIT.EDU (Sean W. Smith)
Sat Sep 9 14:30:43 2006