debunking snake oil

Marcos el Ruptor ruptor at
Sun Sep 2 16:12:22 EDT 2007

> I didn't realise the current SecurID tokens had been broken. A  
> quick Google
> doesn't show anything, but I'm probably using the wrong terms. Do  
> you have
> references for this that I could have a look at?

This attack may not be as practical as an algebraic attack would be,  
but it shows that SecurID keyed hash function is in fact weaker than  
what its claimed 64-bit security level demands. AFAIK, algebraic  
cryptanalysis of the RSA SecurID keyed hash function by the academic  
sector hasn't even been performed yet. Their new tokens use AES-128.  
Maybe they do learn after all...

Ruptor - There is no need to design weak ciphers.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list