debunking snake oil
Marcos el Ruptor
ruptor at cryptolib.com
Sun Sep 2 16:12:22 EDT 2007
> I didn't realise the current SecurID tokens had been broken. A
> quick Google
> doesn't show anything, but I'm probably using the wrong terms. Do
> you have
> references for this that I could have a look at?
http://eprint.iacr.org/2003/162.pdf
This attack may not be as practical as an algebraic attack would be,
but it shows that SecurID keyed hash function is in fact weaker than
what its claimed 64-bit security level demands. AFAIK, algebraic
cryptanalysis of the RSA SecurID keyed hash function by the academic
sector hasn't even been performed yet. Their new tokens use AES-128.
Maybe they do learn after all...
Ruptor
http://defectoscopy.com/ - There is no need to design weak ciphers.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list