Great Circle Associates Firewalls
(September 1996)
 


Subject: Re: SecurID White Paper
From: Adam Shostack <adam @ homeport . org>
Date: Tue, 3 Sep 1996 23:05:05 -0500 (EST)
To: lists @ lina . inka . de (Bernd Eckenfels)
Cc: peiterz @ secnet . com, firewalls @ GreatCircle . COM
In-reply-to: <m0uy6Ic-0004kJC @ lina> from "Bernd Eckenfels" at Sep 4, 96 02:58:33 am

Bernd Eckenfels wrote:

| > Topics dealt with in the paper include:
| >  . Race attacks based upon fixed length responses (still valid even with
| >       the current patch)
| >  . Denial of Service attacks based upon server patches
| >  . Server - Slave separation and replay attacks
| >  . Vulnerabilities in the communications with the ACE Server
| >  . A quick analysis of the communications with the ACE Server
| >  . Problems with out-of-band authentication 
| 
| What about the Relationship between the Serial Number of a Card (or any
| other information printed on it) and the Seed of the PNG? How does an Admin

	There is none.  There are real problems, as Peiter points out.
This is not one of them.

| announce new Cards to the Ace Server? Is this a "keep it secret" thing, or
| is it cryptographically secure?

	The card records (which include data on the seed) are DES
encrypted, and only sent to the site contact at the appropriate
address.  I've suggested PGP to them.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume


