Firewalls: Re: SDI's Time-Synched SecurIDs

Firewalls
(December 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: SDI's Time-Synched SecurIDs
From:	vin @ shore . net (Vin McLellan)
Date:	Sun, 3 Dec 1995 14:14:46 -0500
To:	Chris . Liljenstolpe @ SSDS . com
Cc:	firewalls @ greatcircle . com

        Chris Liljenstolpe <Chris .
 Liljenstolpe @
 ssds .
 com> noted that CryptoCard:

>... offers an SNK type mechanism with 1-3 keys.  However, you can also set it
>up with a "split 1 key" where two different security officers each enter a key
>into the server and card.  The card and server then combine those two keys
>into one key.  This keeps the card safe even if one security officer is
>compromised.

        I like that. Even if it is the sort of fandangle that security
managers grin about but never buy or use.  My compliments to Steve Seal
<steve @
 cryptocard .
 com> in Ontario.

        Another good example of those smile-but-don't-buy features was the
duress code  Padgett mentioned:

*I do not know of a single token vendor who
>provides the capability for a "duress code" into their product.*

        Actually, SDI provided a duress code option for their SecurID for
the first 3 or 4 years, if memory serves -- but I never heard of a single
company using it.  I think SDI quietly dropped it and no one noticed.
(Maybe SDI would provide it as a special feature if requested. They have
the code, and it's long since gone through their extended QA process.)

        Padgett also noted:

>...a SecurID token is the one which rested in my wallet while
>I went white-water rafting in Alaska.... It survived but the credit
>card in the next slot broke.

        Next time you take an adventure vacation, ask SDI for one of their
new "key fob" tokens.  The SecurID card has gotten sturdier over the years,
but the key fob allowed them to escape the bend-and-bust syndrome.  It
should survive even if you lose the raft, next time you go white water
rafting;-)

         (I suggested they pass them out to the crew of "tunnel rats"
working on the third harbor tunnel here in Boston, and then collect stats
on the failure rates for an ad.  But the SDI marketing department doesn't
pay much attention to me.  And I've got to admit, they've done fairly well
without my guidance.)

        Suerte,
                               _Vin

Vin McLellan +The Privacy Guild+ <vin @
 shore .
 net>
 53 Nichols St., Chelsea, Ma., USA Tel: (617) 884-5548
                <*><*><*><*><*><*><*><*><*>

Indexed By Date	Previous:	Re: SDI's Time-Synched SecurIDs and other things that go "tick". From: Chris . Liljenstolpe @ SSDS . com (Chris Liljenstolpe (Swanson) - SSDS)
Indexed By Date	Next:	Re: Orange Book Irrelevant (was: A1 Systems?) From: David Miller <isdmill @ gatekeeper . ddp . state . me . us>
Indexed By Thread	Previous:	Re: SDI's Time-Synched SecurIDs From: Bob Bosen <bbosen @ netcom . com>
Indexed By Thread	Next:	Re: your mail From: Darren Reed <avalon @ coombs . anu . edu . au>