debunking snake oil
Thor Lancelot Simon
tls at rek.tjls.com
Sun Sep 2 18:49:15 EDT 2007
On Sun, Sep 02, 2007 at 06:26:33PM -0400, Vin McLellan wrote:
> At 12:40 PM 9/2/2007, Paul Walker wrote:
>
> >I didn't realise the current SecurID tokens had been broken. A quick Google
> >doesn't show anything, but I'm probably using the wrong terms. Do you have
> >references for this that I could have a look at?
>
> I'd also be interested in any evidence that the SecurID has been cracked.
>
> Any credible report would have the immediate attention of tens of
> thousands of RSA installations. Not to speak of EMC/RSA. itself, for
> which I have been a consultant for many years.
That's right, you have. As I recall, the last time you posted here was
when you tried to defend RSA's decision to sell no-human-interaction
tokens. At that time, I asked you whether you were posting for yourself
or whether someone at RSA had asked you to post here, and you declined
to respond.
I think it's important that we know, when flaws in commercial
cryptographic products are being discussed, what the interests of the
parties to the discussion are. So, I'll ask again, as I did last time:
when you post here, both in this instance and in past instances, is it
at your own behest, or that of RSA?
Thor
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list