SecurID and garage door openers
Greg Rose
ggr at qualcomm.com
Tue Oct 18 12:24:17 EDT 2005
At 03:25 2005-10-18 -0500, Travis H. wrote:
>Speaking of two-factor authentication, can anyone explain how servers
>validate the code from a SecurID token in the presence of clock skew?
>Does it look backwards and forwards in time a few minutes?
Yes, at registration time the server checks that the clock skew is
reasonable (IIRC, within 100 minutes either way). From then on it
knows and remembers the approximate clock skew.
>Similarly, how do those garage door openers with "rolling codes" work,
>given that the user may have pressed the button many times
>accidentally while out of range of the receiver?
Ahh, one of the dirty little secrets. If the base receives two
sequential outputs from a registered token, even if they are a long
way away from the currently expected output, it will resynchronize to
that. The replay protection just means that the attacker needs to
record two sequential accesses, not a single one. When all is working
as expected, this means the attacker must target you and hang around
for a day, or do a lunchtime attack on your zapper.
Greg.
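
The skew handling described in the reply above, as an added sketch that is not part of the original post and is not RSA's code: a wide search once at registration (the post's 100 minutes either way), then a narrow search around the remembered skew on each login. The HMAC-based `code_at`, the 60-second step, the two-step login window and the replay check are assumptions made for illustration; SecurID's actual algorithm is not reproduced.

```python
import hashlib
import hmac
import struct

STEP = 60          # seconds per displayed code (assumed)
REG_WINDOW = 100   # steps searched at registration: the post's ~100 minutes
LOGIN_WINDOW = 2   # steps searched around the remembered skew (assumed)

def code_at(seed: bytes, step: int) -> str:
    """Stand-in token function (HMAC-SHA256 -> 8 digits); not SecurID's algorithm."""
    mac = hmac.new(seed, struct.pack(">Q", step), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"

class TokenRecord:
    """Server-side state for one token: seed, remembered skew, last step used."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.skew = None     # token step minus server step; None until registered
        self.last_step = -1  # highest step accepted so far, to refuse replays

    def _match(self, code: str, server_step: int, centre: int, window: int):
        # Try the offsets nearest the expected skew first: 0, -1, +1, -2, +2, ...
        for delta in sorted(range(-window, window + 1), key=abs):
            step = server_step + centre + delta
            if step > self.last_step and hmac.compare_digest(
                    code_at(self.seed, step), code):
                return step
        return None

    def _accept(self, code: str, server_time: int, centre: int, window: int) -> bool:
        server_step = server_time // STEP
        step = self._match(code, server_step, centre, window)
        if step is None:
            return False
        self.skew, self.last_step = step - server_step, step  # follow slow drift
        return True

    def register(self, code: str, server_time: int) -> bool:
        """Wide search, done once; learns the token's clock skew."""
        return self._accept(code, server_time, 0, REG_WINDOW)

    def verify(self, code: str, server_time: int) -> bool:
        """Narrow search around the remembered skew on every later login."""
        if self.skew is None:
            return False
        return self._accept(code, server_time, self.skew, LOGIN_WINDOW)
```

Because each accepted login updates the stored skew, a token whose clock drifts slowly stays inside the narrow window without the server ever repeating the wide search.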