Cryptography Reference
In-Depth Information
list around, which Mallory could copy. And all this even though one-time passwords
are particularly useful when Alice moves about in an 'insecure environment'.
Commercial uses normally demand higher security.
To this end, several vendors brought to market devices the size of key tags or
pocket calculators that automatically generate one-time passwords. Such
a piece of hardware is referred to as a token. I will introduce the RSA products
as the first example in this section. RSA named their password token SecurID
(see Figure 6.9).
Some tokens are additionally protected by PINs. This splits Alice's secret by
the principle of 'possessing and knowing': to authenticate himself as Alice,
Mallory has to not only spy out her PIN (i.e., the knowledge component), but
also steal her token (the possession component). Mallory will have a hard time
if Alice always carries her token with her and never lets it out of her hands.
Figure 6.9: RSA SecurID for generating one-time passwords in hardware.