[TriLUG] OT: RSA Securid - how does it work?
William Sutton
william at trilug.org
Sat Mar 8 10:43:45 EST 2008
I have one of these things for work as well. I don't know the technical
implementation details, but this is the information I've come across:
- the device keeps changing the number (AFAIK, it isn't a time) every so
often, with a counter to show you how much longer it has until the number
changes again
- when you first activate it, you provide the number and the main server
stores the amount of drift between your device and what it should be
- when you log in using it, the server adjusts for drift using that offset
- oh, yes...they do die, apparently quite abruptly (self destruct, I
think).
I'm curious to see what's inside one, but don't feel like explaining to
$WORK what happened if it breaks...
William Sutton
On Sat, 8 Mar 2008, Barry Gaskins wrote:
> Well only RSA knows for sure but they are not publishing any details.
>
> But we can guess at a few things. First of all the date on the
> back does not really matter. When you get your key you have to
> activate it by waiting until the number changes and then typing in the
> number so it only has to be close when you activate it. Also it would
> not have to be exact down to the second since it only changes every
> minute and it takes a few seconds to type in the number and log in
> anyway. If I were writing the software then I would allow the last
> number to work for a while after I knew it was supposed to change.
> They could even make the window wider depending on how long it was
> since the key was "activated".
>
> Of course they would want it to quit working every few years just
> to make you pay to buy another one...
>
> - Barry Gaskins
>
> On Sat, Mar 8, 2008 at 9:17 AM, Joseph Mack NA3T <jmack at wm7d.net> wrote:
>> I have one of these keys, which gives a different random
>> number every minute, so I can log on at work. I'm wondering
>> how it keeps synchronisation with the server. Searches on
>> Google for "RSA Securid how does it work" only come up with
>> pages on how to login with it (and shills from RSA telling
>> me how wonderful these keys are).
>>
>> I assume that the key has a free running crystal oscillator
>> in which case the setting and long term drift will not be
>> better than 1:10^6 and it would go out of synch in 2yrs
>> (60*10^6 secs). Mine has a date of Nov 2003 on the back, so
>> presumably it's been running for 4 years. Assuming the
>> battery will last 10yrs, this would mean that the accuracy
>> of the crystal would have to be 1:10^7 to maintain synch
>> over this time. This tolerance is a bit tighter than I would
>> expect is possible.
>>
>> Anyone know how these things keep synchronised with the
>> server?
>>
>> Thanks Joe
>>
>> --
>> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
>> jmack (at) wm7d (dot) net - azimuthal equidistant map
>> generator at http://www.wm7d.net/azproj.shtml
>> Homepage http://www.austintek.com/ It's GNU/Linux!
>> --
>> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG Organizational FAQ : http://trilug.org/faq/
>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>
>
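The scheme guessed at in this thread (a per-token drift offset stored by the server, plus an acceptance window that widens the longer a token goes without syncing), as an added example that is not from the thread or from RSA. SecurID's actual algorithm is not described here, so an RFC 4226-style HMAC-SHA1 code stands in for it; `TokenRecord`, the 90-day widening policy and the replay check are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds per code; the thread says the number changes every minute

def code_at(seed: bytes, step: int) -> str:
    """6-digit code for one time step (RFC 4226 truncation of HMAC-SHA1)."""
    mac = hmac.new(seed, struct.pack(">Q", step), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return f"{num % 1_000_000:06d}"

class TokenRecord:
    """Server-side state for one token (hypothetical structure)."""

    def __init__(self, seed: bytes, now: float):
        self.seed = seed
        self.offset = 0        # learned drift, in steps (token minus server)
        self.synced_at = now   # server time of the last successful login
        self.last_step = -1    # highest token step accepted so far

    def window(self, now: float) -> int:
        # Assumed policy: +/-1 step, plus 1 more per 90 days without a sync.
        return 1 + int((now - self.synced_at) // (90 * 86400))

    def verify(self, candidate: str, now: float) -> bool:
        centre = int(now // STEP) + self.offset
        w = self.window(now)
        for step in range(centre - w, centre + w + 1):
            if step <= self.last_step:
                continue  # never accept a reused or older code
            if hmac.compare_digest(code_at(self.seed, step), candidate):
                self.offset = step - int(now // STEP)  # re-learn the drift
                self.synced_at, self.last_step = now, step
                return True
        return False
```

Because every successful login re-centres the window on the token's observed clock, the crystal only has to stay within the window between logins, not over the life of the battery.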