At 05:39 PM 10/24/96 +1300, Chris Liljenstolpe wrote:
> This is the published company line, and the response to queries
>like yours is uniform accross SecurID.
The statement I am about to make should in no way be taken as a defense
of Security Dynamic's failure to publish their algorithm.
I visited their booth at UnixExpo two weeks ago and did not get this
uniform response at all. I was first told that clients in good standing,
after signing non-disclosure aggreements, could review the algorithm.
(I was also under the impression that they would not do this unless
you were well versed in cryptography, and had the expertise to review it)
I was also told that despite it's proprietery nature, the algorithm
had undergone peer review, including several top cryptographers outside
the company. Lastly I was told that the reasons for non-disclosure were
financial, since with the algorithm you could produce the PC version of
their token software.
Again, I did not mean to defend Security Dynamic's policies. You may
take the above as idle talk from sales people, you may take the above
as proof of good policies, the choice is yours. My point here was just
that my person experiences were not so uniform with others.
HTH. YMMV. DSMIHNMA.
Geoff Crawford Phone: (201) 627 - 0307
Innovative Client Servers FAX: (201) 627 - 0634
24 Dogwood Drive Email: geoff @
Denville NJ 07834 Web: http://www.innov8cs.com