Cryptography Reference
In-Depth Information
on them; only with an anonymous serial number. Without diving into this sce-
nario any further, it is clear that the probability of an illegal login is low in
this concept.
On the other hand, users might see reasons to mistrust the token vendors them-
selves. After all, they store the seeds in the token RAMs. What if they ship
the secret number to the NSA at the same time? What stands in the way of
such a scenario is the fact that the user himself agrees on the PIN; the manu-
facturer does not know it. While the NSA could certainly replay a PIN from
tokens without a keypad, it could just as easily log the unencrypted data com-
munication. A national intelligence agency normally has little interest in faking
authentications.
Probably the most scary scenario would be if Mallory succeeded in reading
the seeds from the server. That's tantamount to a masterpiece. The devices are
shipped to the users in encrypted form. On the server's hard disk, the seeds are
RC4-encrypted using a 128-bit key. And to get them from the memory, you
first need to grab the security blocks of the
Progress
database, which is a true
challenge even for a superuser.
A brute-force attack against the 64-bit seed might be possible. This would
correspond to a capacity of 256 DES crack machines working in parallel. So,
cost and benefit are far beyond a reasonable ratio! Much more interesting would
be attacks using DFA, as described in Section 4.4.5; vendors don't like to talk
about this. But to launch DFA, one has to first own the token, and then probably
open it without deleting the RAM.
Theoretical cryptanalyses work faster than brute-force attacks; read about them
in
PD/skey/SecurID/securid attack
on our Web site. My impression is, however,
that this is not really significant for practical purposes. Cost and benefit have
to be in a reasonable ratio, even in espionage.
Meanwhile, special SecurID tokens work on an AES basis, but the details are
not public at the customers' request. But there are alternatives, as we will see
in the following section.
Open Authentication, Federated ID, and the VeriSign Idea
RSA deserves respect for having developed password tokens to series maturity;
there is no question that these devices dominate the market (it is estimated that
about 16 million devices were in use in 2006). Since other vendors wanted to
have a share in this business, they joined in the
Open Authentication Initiative
(
OATH
). This is an open standard you can download from their Web site
