debunking snake oil

Thor Lancelot Simon tls at
Sun Sep 2 18:49:15 EDT 2007

On Sun, Sep 02, 2007 at 06:26:33PM -0400, Vin McLellan wrote:
> At 12:40 PM 9/2/2007, Paul Walker wrote:
> >I didn't realise the current SecurID tokens had been broken. A quick Google
> >doesn't show anything, but I'm probably using the wrong terms. Do you have
> >references for this that I could have a look at?
> I'd also be interested in any evidence that the SecurID has been cracked.
> Any credible report would have the immediate attention of tens of 
> thousands of RSA installations. Not to speak of EMC/RSA. itself, for 
> which I have been a consultant for many years.

That's right, you have.  As I recall, the last time you posted here was
when you tried to defend RSA's decision to sell no-human-interaction
tokens.  At that time, I asked you whether you were posting for yourself
or whether someone at RSA had asked you to post here, and you declined
to respond.

I think it's important that we know, when flaws in commercial
cryptographic products are being discussed, what the interests of the
parties to the discussion are.  So, I'll ask again, as I did last time:
when you post here, both in this instance and in past instances, is it
at your own behest, or that of RSA?


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list