1) I believe that the major token vendors all use reasonably secure
algorithms and proper separation of serial numbers from seeds.
2) Having said that, I also believe that current uses only authenticate
users to hosts (or men-in-the-middle) and do not provide any host
authentication (could, just don't). Even then they are still susceptible
to MITM and hijacked sessions.
3) This could be eliminated by never passing the response over the net,
instead using it as a seed for creation of a secure channel. By the
ability to communicate both ends would be authenticated to each other.
- Since the response is never sent, MITM attacks would fail.
- Since the channel is secure, hijack attacks would fail
4) Given "soft tokens", all the mechanics could be transparent to the
user, both types would simply require entry of a PIN.
5) Since Time Synchronous tokens must operate in a "window" to accommodate
drift, they are at a disadvantage to Challenge/Response tokens. Not
an insurmountable problem - could try all possible codes in the window or
revert to C/R - but a significant one.
(Think my earlier comment on this was truncated).
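The scheme sketched in points 3 and 5 above, as an added example that is not part of the original post and not any vendor's algorithm: the token response is computed on both ends but never transmitted, it seeds a per-session key bound to both sides' nonces, each side proves the key with a MAC (mutual authentication), and the server searches a clock-drift window of time steps rather than sending the response over the net. The HMAC-based response function, the 30-second step, the message labels, and the assumption that the PIN is known to both ends are all this example's own choices.

```python
import hashlib
import hmac
import secrets
import struct

STEP = 30                  # seconds per time-synchronous step (assumed)
DIGEST = hashlib.sha256


def token_response(seed: bytes, pin: bytes, t: int) -> bytes:
    """What the token would display at time t. In this design it is never
    transmitted; it only seeds the channel. Folding the PIN into the HMAC
    is an assumption of this example, not a description of any real token."""
    counter = struct.pack(">Q", t // STEP)
    return hmac.new(seed, counter + pin, DIGEST).digest()


def channel_key(response: bytes, cn: bytes, sn: bytes) -> bytes:
    """Per-session key: HMAC used as a KDF over the response and both
    nonces, so a captured transcript cannot be replayed into a new session."""
    return hmac.new(response, b"channel" + cn + sn, DIGEST).digest()


def tag(key: bytes, label: bytes, msg: bytes) -> bytes:
    return hmac.new(key, label + msg, DIGEST).digest()


def client_start(seed, pin, t, cn, sn):
    """Client derives the key and proves it by MACing the two nonces."""
    key = channel_key(token_response(seed, pin, t), cn, sn)
    return key, tag(key, b"client-proof", cn + sn)


def server_accept(seed, pin, now, cn, sn, client_proof, window=1):
    """Search the drift window (point 5): every step in now +/- window*STEP
    is tried and the first whose derived key verifies the client's proof
    wins. Returns (key, server_proof), or None if no step in the window fits."""
    for delta in range(-window, window + 1):
        key = channel_key(token_response(seed, pin, now + delta * STEP), cn, sn)
        if hmac.compare_digest(tag(key, b"client-proof", cn + sn), client_proof):
            return key, tag(key, b"server-proof", cn + sn)
    return None


def client_finish(key, cn, sn, server_proof) -> bool:
    """Host authentication: only a party holding the seed can produce this."""
    return hmac.compare_digest(tag(key, b"server-proof", cn + sn), server_proof)


def seal(key, msg):
    """Data on the established channel carries a MAC under the session key."""
    return msg, tag(key, b"data", msg)


def open_(key, msg, t) -> bool:
    return hmac.compare_digest(tag(key, b"data", msg), t)


def run_session(client_offset=0, window=1):
    """One handshake with the client's clock off by client_offset seconds.
    Returns the agreed key, or None if either side rejected the other."""
    seed, pin, now = secrets.token_bytes(20), b"1234", 1_700_000_000
    cn, sn = secrets.token_bytes(16), secrets.token_bytes(16)
    ckey, cproof = client_start(seed, pin, now + client_offset, cn, sn)
    got = server_accept(seed, pin, now, cn, sn, cproof, window)
    if got is None or not client_finish(ckey, cn, sn, got[1]):
        return None
    return ckey if ckey == got[0] else None


def hijack_rejected() -> bool:
    """An attacker on the wire sees cn, sn and both proofs but never the
    response, so anything tagged under a key they can make is rejected."""
    key = run_session()
    msg, t = seal(key, b"transfer 100")
    forged = seal(secrets.token_bytes(32), b"transfer 100000")[1]
    return open_(key, msg, t) and not open_(key, b"transfer 100000", forged)


def replay_rejected() -> bool:
    """Replaying a captured client proof into a new session (fresh server
    nonce) fails because the key is bound to both nonces."""
    seed, pin, now = secrets.token_bytes(20), b"1234", 1_700_000_000
    cn, sn = secrets.token_bytes(16), secrets.token_bytes(16)
    _, captured = client_start(seed, pin, now, cn, sn)
    return server_accept(seed, pin, now, cn, secrets.token_bytes(16), captured) is None
```

With the default window of one step either side, a client whose clock is one step slow still connects; two steps slow and the handshake fails unless the server widens the window, which is the cost point 5 describes: each extra step is another key derivation and MAC check per attempt, and a wider window is more chances for an offline guess of the seed to verify.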