SecurID and garage door openers

Jerrold Leichter leichter at
Tue Oct 18 17:37:14 EDT 2005

| | Speaking of two-factor authentication, can anyone explain how servers
| | validate the code from a SecurID token in the presence of clockskew? 
| | Does it look backwards and forwards in time a few minutes?
| Yes, it rolls forward and back 3-5 cycles.  The server maintains a
| list of what time it thinks the token thinks it is.  So its not
| testing what time it is, its testing what time the token thinks it is.
Plus, I believe it maintains and updates an estimate of the skew between its 
clock and the token's.  So the "what time I think the token thinks it is" 
value is pretty accurate.  Note that a value read off the token is good for a 
minute, so your synchronization doesn't have to be that good to begin with. (I 
suppose you could scan over a larger number of cycles to find the entered 
value and then use the cycle distance *just to update the skew/token time 
calculation*, refusing the value.  A legitimate user will just try again with 
the next generated number and succeed; but a guesser won't be helped by the 
broader scan range.  At most, he can screw up the skew/token time estimate
somewhat, but that will "heal" when the legimate user next logs in.)

I think there's some special-case synchronization the first time the token is 
used, the details of which I can't recall.  (It may be just that the server is 
very liberal about the allowed skew if it knows it hasn't talked to a token in 
a long time - which is how it would presumably look on the first attempt.  I 
suppose if you're really worried that this would allow an attacker to get in 
before the legitimate user, you can make it a policy to log in with the token 
a couple of times after setting up the account but before handing out the 
token.  Then again, the software could well have a mechanism to do exactly 
this synchronization step, so that you don't actually have to log in or even 
enable the account until synchronization is complete.)

							-- Jerry

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list