Great Circle Associates Firewalls
(March 1993)


Subject: Re: Appletalk through firewalls.
From: "Gordon C. Galligher" <gorpong @ il . us . swissbank . com>
Date: Wed, 03 Mar 93 12:08:20 CST
To: Leland K. Neely <lkn @ llnl . gov>
Cc: firewalls @ GreatCircle . COM
In-reply-to: Your message of "Tue, 02 Mar 93 09:25:24 PST." <9303021726 . AA26136 @ mycroft . GreatCircle . COM>

In message <9303021726 . AA26136 @ mycroft . GreatCircle . COM> Leland K. Neely <lkn @ llnl . gov> writes:
` Huh? This makes sense----- 
` BUT I am confused.  When Caymon showed the secure id stuff to me, they did
` enter a username or password, ONLY a secure id.  (Hence my concern)
` I can take 2 of my three requirements, but not one of 3.  

BUT, the SecureID thing that the person entered was the random number
generated by the SecureID card (the physical requirement of having the
card) AND the PIN number of the PERSON owning the card (this validates
that the user currently holding the card is the person that is supposed
to hold the card).  This is better than just login/password because with
that there is no physical requirement.

The problem with the SecureID card is that the last four digits of the
"password" that you enter IS your PIN number!  As this is in
plain-text, this is not the best solution.  SecureID has fixed this
with a more expensive card (surprise, grr) which has a keypad on it.
You enter your PIN number into the card, it cons's up a totally new
number based on an internal algorithm including your PIN number and
then you enter that number to your system.  This protects against a
"snoop" attack -- they can see the number that you enter but it does
NOT contain your PIN in the clear so the number is useless to them.

Does this help?

		-- Gordon.
Gordon C. Galligher	gorpong @ swissbank . com	gorpong @ G-Squared .
 "You can have war between races, war between cultures, war between planets;
  but once you have war between the sexes, you eventually run out of people."
				-- Kerr Avon.
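
Added example, not part of the original message and not the vendor's code: the two passcode styles described above, compared from the point of view of someone who can see what is typed on successive logins. The message does not describe the card's internal algorithm, so HMAC-SHA256 is used here as an assumed stand-in, and the seed, PIN and function names are constructed for illustration.

```python
import hashlib
import hmac


def _digits(key: bytes, msg: bytes, n: int = 6) -> str:
    """Stand-in code generator (assumption): HMAC-SHA256 cut to n decimal digits."""
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**n).zfill(n)


def passcode_plain(seed: bytes, pin: str, step: int) -> str:
    """Card without keypad: the displayed number, with the PIN as the last digits."""
    return _digits(seed, step.to_bytes(8, "big")) + pin


def passcode_pinpad(seed: bytes, pin: str, step: int) -> str:
    """Keypad card: the PIN is an input to the computation and is never sent as-is."""
    return _digits(seed, step.to_bytes(8, "big") + pin.encode())


def constant_suffix(observed: list[str], n: int = 4):
    """Return the last n characters if every observed passcode shares them, else None."""
    tails = {p[-n:] for p in observed}
    return tails.pop() if len(tails) == 1 else None


# Constructed sample values, not taken from any real card.
SEED = b"constructed-card-seed"
PIN = "4821"
STEPS = range(1000, 1005)  # five successive logins

plain_seen = [passcode_plain(SEED, PIN, s) for s in STEPS]
pinpad_seen = [passcode_pinpad(SEED, PIN, s) for s in STEPS]

if __name__ == "__main__":
    print("plain :", plain_seen, "-> constant tail:", constant_suffix(plain_seen))
    print("keypad:", pinpad_seen, "-> constant tail:", constant_suffix(pinpad_seen))
```

The same `constant_suffix` check can be run over any one-time-passcode format under review: a tail that never changes between logins is a static secret travelling in the clear.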
