| > Is that its official name? the SecurID hash? Mind if I
| >publish it? How about F2, the 'other' hash that the system uses.
| >I've never gotten a go ahead on that from SDTI for the versions I
| >recovered.
|
| I've always called it that -- but within SDTI, it's been called
| "ALGO" for algorithm, or "PRNgen" -- neither of which is a brand name which
| reflects the creativity involved in a good one-way function. Rivest's F2
| and Brainard's SecurID Hash are both proprietary products of SDTI (as you
| well know;-) They've always been held as trade secrets; ACE/SecurID was,
| for years, sold with the promise that they would be kept confidential. SDTI
| won't release anything until those products are retired.
I'll have to think on that one. SDTI shouldn't make promises
that are beyond its control.
| For the market they confronted 7-8 years back, keeping the
| algorithm secret added a blanket of security-by-obscurity (not yet a curse)
Not yet a well known curse, I'll agree.
| >| Several widely-respected cryptographers have studied Brainard's
| >| hash intensively in the past year, and acknowledged -- which is all
| >| cryptographers ever do;-) -- they see no effective attack, no way to
|
| > But those were carefully selected cryptographers.
|
| (Think about it! Could that be true?) SDTI, for years, had a
| program whereby they commissioned respected cryptographers from various
| countries to do reviews of the resiliency of Brainard's hash in the face of
| the latest cryptoanalytic attacks. But the most aggressive studies of the
| cryptographic integrity of ACE/SecurID -- any prominent security product!
| -- are doubtless the pre-purchase security reviews by the big crypto-savvy
| multinationals, various national governments, and the dot-GOV.US security
| agencies. No vendor controls who those prospective buyers "select" to
| evaluate the product.
| Adam's SecurID paper, when presented to a Rutger's network security
| workshop last year, sparked a rare public comment on ACE cryptography by a
| big customer, when a senior Bell Labs scientist talked about the
| Bell/Lucient review of the ACE code (under NDA) and ruefully suggested Adam
| and his friends save themselves fruitless effort and stop trying to
| reverse-engineer the code in hopes of finding a fatal flaw in Brainard's
| hash.
Actually, what he said was that they protected against the
obvious attack of using the output of the hash as a way to the card
secret. I don't suggest that thats a profitable line of attack. The
same set of Bell Labs scientists also missed the attack I found.
Which happens. I still have as much respect for the people involved
as I did before. Open review is a good idea precisely because people
miss things. Even really, really good people miss things.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
Follow-Ups:
References:
|
|
