[TriLUG] OT: RSA Securid - how does it work?

William Sutton william at trilug.org
Sat Mar 8 10:43:45 EST 2008


I have one of these things for work as well.  I don't know the technical 
implementation details, but this is the information I've come across:
- the device keeps changing the number (AFAIK, it isn't a time) every so 
often, with a counter to show you how much longer it has until the number 
changes again
- when you first activate it, you provide the number and the main server 
stores the amount of drift between your device and what it should be
- when you log in using it, the server adjusts for drift using that offset
- oh, yes...they do die, apparently quite abruptly (self destruct, I 
think).

I'm curious to see what's inside one, but don't feel like explaining to 
$WORK what happened if it breaks...

William Sutton


On Sat, 8 Mar 2008, Barry Gaskins wrote:

>   Well only RSA knows for sure but they are not publishing any details.
>
>   But we can guess at a few things.  First of all the date on the
> back does not really matter.  When you get your key you have to
> activate it by waiting until the number changes and then typing in the
> number so it only has to be close when you activate it.  Also it would
> not have to be exact down to the second since it only changes every
> minute and it takes a few seconds to type in the number and log in
> anyway.  If I were writing the software then I would allow the last
> number to work for a while after I knew it was supposed to change.
> They could even make the window wider depending on how long it was
> since the key was "activated".
>
>   Of course they would want it to quit working every few years just
> to make you pay to buy another one...
>
>   - Barry Gaskins
>
> On Sat, Mar 8, 2008 at 9:17 AM, Joseph Mack NA3T <jmack at wm7d.net> wrote:
>> I have one of these keys, which gives a different random
>>  number every minute, so I can log on at work. I'm wondering
>>  how it keeps synchronisation with the server. Searches on
>>  google for "RSA Securid how does it work" only come up with
>>  pages on how to login with it (and shills from RSA telling
>>  me how wonderful these keys are).
>>
>>  I assume that the key has a free running crystal oscillator
>>  in which case the setting and long term drift will not be
>>  better than 1:10^6 and it would go out of synch in 2yrs
>>  (60*10^6 secs). Mine has a date of Nov 2003 on the back, so
>>  presumably it's been running for 4 years. Assuming the
>>  battery will last 10yrs, this would mean that the accuracy
>>  of the crystal would have to be 1:10^7 to maintain synch
>>  over this time. This tolerance is a bit tighter than I would
>>  expect is possible.
>>
>>  Anyone know how these things keep synchronised with the
>>  server?
>>
>>  Thanks Joe
>>
>>  --
>>  Joseph Mack NA3T EME(B,D), FM05lw North Carolina
>>  jmack (at) wm7d (dot) net - azimuthal equidistant map
>>  generator at http://www.wm7d.net/azproj.shtml
>>  Homepage http://www.austintek.com/ It's GNU/Linux!
>>  --
>>  TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
>>  TriLUG Organizational FAQ  : http://trilug.org/faq/
>>  TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>
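
The scheme guessed at in the messages above (an offset learned at activation, a small acceptance window at login, and the offset adjusted on every successful login), as an added sketch that is not part of any message in this thread and is not RSA's algorithm. The HMAC-SHA1 code function, the `Server` class, the seed, the 20 ppm crystal error and the 180 second initial skew are all assumptions chosen for illustration.

```python
import hashlib, hmac, struct

STEP = 60  # seconds per code; the thread says the number changes every minute

def code(seed, interval):
    """6-digit code for one interval (HMAC-SHA1 + RFC 4226 truncation, a stand-in)."""
    mac = hmac.new(seed, struct.pack(">Q", interval), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return f"{num % 10**6:06d}"

class Server:
    """Hypothetical validator that keeps one drift offset (in intervals) per token."""
    def __init__(self, seed):
        self.seed, self.offset, self.last_used = seed, 0, -1

    def verify(self, candidate, now, window=1):
        base = int(now // STEP) + self.offset
        # Try the expected interval first, then its neighbours on either side.
        for d in sorted(range(-window, window + 1), key=abs):
            interval = base + d
            if interval <= self.last_used:
                continue  # replay guard: nothing at or before the last accepted code
            if hmac.compare_digest(code(self.seed, interval), candidate):
                self.offset += d          # remember how far this token has drifted
                self.last_used = interval
                return True
        return False

def simulate(ppm, days, login_every, skew=180):
    """Token runs `ppm` fast and starts `skew` s off; return (last login ok, offset)."""
    seed = b"constructed-demo-seed"  # constructed sample value
    server = Server(seed)
    token = lambda now: code(seed, int((now * (1 + ppm / 1e6) + skew) // STEP))
    ok = server.verify(token(0), 0, window=10)   # activation: wide window, learn offset
    for day in range(login_every, days + 1, login_every):
        now = day * 86400
        ok = server.verify(token(now), now)      # routine login: +/- 1 interval
    return ok, server.offset

if __name__ == "__main__":
    print(simulate(20, 728, 7))    # weekly logins over two years
    print(simulate(20, 728, 728))  # one login after two years of silence
```

In this model the crystal only has to stay within the acceptance window between two consecutive logins, not over the life of the battery, so a token used weekly stays valid while one left unused for two years falls outside the window and would need a wider resynchronisation step.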


