SecurID and garage door openers
leichter at smarts.com
Tue Oct 18 17:37:14 EDT 2005
| | Speaking of two-factor authentication, can anyone explain how servers
| | validate the code from a SecurID token in the presence of clockskew?
| | Does it look backwards and forwards in time a few minutes?
| Yes, it rolls forward and back 3-5 cycles. The server maintains a
| list of what time it thinks the token thinks it is. So its not
| testing what time it is, its testing what time the token thinks it is.
Plus, I believe it maintains and updates an estimate of the skew between its
clock and the token's. So the "what time I think the token thinks it is"
value is pretty accurate. Note that a value read off the token is good for a
minute, so your synchronization doesn't have to be that good to begin with. (I
suppose you could scan over a larger number of cycles to find the entered
value and then use the cycle distance *just to update the skew/token time
calculation*, refusing the value. A legitimate user will just try again with
the next generated number and succeed; but a guesser won't be helped by the
broader scan range. At most, he can screw up the skew/token time estimate
somewhat, but that will "heal" when the legimate user next logs in.)
I think there's some special-case synchronization the first time the token is
used, the details of which I can't recall. (It may be just that the server is
very liberal about the allowed skew if it knows it hasn't talked to a token in
a long time - which is how it would presumably look on the first attempt. I
suppose if you're really worried that this would allow an attacker to get in
before the legitimate user, you can make it a policy to log in with the token
a couple of times after setting up the account but before handing out the
token. Then again, the software could well have a mechanism to do exactly
this synchronization step, so that you don't actually have to log in or even
enable the account until synchronization is complete.)
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography