Microsoft marries RSA Security to Windows
Dan Riley
dsr at mail.lns.cornell.edu
Wed Oct 9 13:02:46 EDT 2002
"Roy M.Silvernail" <roy at scytale.com> writes:
> > The first initiatives will centre on Microsoft's licensing of RSA SecurID
> > two-factor authentication software and RSA Security's development of an RSA
> > SecurID Software Token for Pocket PC.
>
> And here, I thought that a portion of the security embodied in a SecurID
> token was the fact that it was a tamper-resistant, independent piece of
> hardware.
SecurityDynamics/RSA Security have sold SecurID for Palms for several
years. Some previous discussion can be found in the mailing list
archives around the release date in spring of 1999. They also sell
software implementations of SecurID for Windows.
> Now M$ wants to put the PRNG out in plain view
It's already out here--the algorithm for the SecurID hash function was
published on Bugtraq by a third party (allegedly Russian) in late
2000.
> along with its seed value.
They did make some attempt to make the seed difficult to recover on
the Palm. No doubt it could be reverse engineered with some effort,
and software SecurID on networked devices does change the threat
model.
-dan
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list