Microsoft marries RSA Security to Windows
Ed Gerck
egerck at nma.com
Wed Oct 9 11:56:50 EDT 2002
Tamper-resistant hardware is out, second channel with remote source is in.
Trust can be induced this way too, and better. There is no need for PRNG in plain
view, no seed value known. Delay time of 60 seconds (or more) is fine because
each one-time code applies only to one page served.
Please take a look at:
http://www.rsasecurity.com/products/mobile/datasheets/SIDMOB_DS_0802.pdf
and http://nma.com/zsentry/
Microsoft's move is good, RSA gets a good ride too, and the door may open
for a standards-based two-channel authentication method.
Cheers,
Ed Gerck
"Roy M.Silvernail" wrote:
> On Tuesday 08 October 2002 10:11 pm, it was said:
>
> > Microsoft marries RSA Security to Windows
> > http://www.theregister.co.uk/content/55/27499.html
>
> [...]
>
> > The first initiatives will centre on Microsoft's licensing of RSA SecurID
> > two-factor authentication software and RSA Security's development of an RSA
> > SecurID Software Token for Pocket PC.
>
> And here, I thought that a portion of the security embodied in a SecurID
> token was the fact that it was a tamper-resistant, independent piece of
> hardware. Now M$ wants to put the PRNG out in plain view, along with its
> seed value. This cherry is just begging to be picked by some blackhat,
> probably exploiting a hole in Pocket Outlook.
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list