> To: Leland K. Neely <lkn @
llnl .
gov>
> Subject: Re: Appletalk through firewalls.
> Date: Wed, 03 Mar 93 12:08:20 CST
> From: "Gordon C. Galligher" <gorpong @
il .
us .
swissbank .
com>
> The problem with the SecureID card is that the last four digits of the
> "password" that you enter IS your PIN number! As this is in
> plain-text, this is not the best solution. SecureID has fixed this
> with a more expensive card (surprise, grr) which has a keypad on it.
Now, couldn't what you know be, instead of a fixed number of some length,
a simple transform such as "swap the second and fourth digits" of the
random number generated? This would not involve a new card (with a keypad)
since you are doing the transform (albeit, a simple one) instead of the card.
Therefore, no extra cost for a new card and a simple software change on the
central device.
Since the transform needs to be something simple to remember without writing
down (e.g., add 25 or mutate the string), this will work only if the original
number is not public (i.e., the card owner makes sure noone sees the display
and the transform together).
- jss
PS: Or am I just missing something?
--------------------------------------------------------------------------
Jon S. Stumpf jon .
s .
stumpf @
sysdev .
dmg .
ml .
com Merrill Lynch
World Financial Center
(212) 449-0498 Phone North Tower
(212) 449-0912 Fax New York, N.Y. 10281-1315
--------------------------------------------------------------------------
|
|
