[TriLUG] OT: RSA Securid - how does it work?
Keith Woodie
kwoodie at gmail.com
Sat Mar 8 11:41:19 EST 2008
I too have one of these for work. The way it was explained to me was
that the RSA company encodes a set of numbers, a number for every
minute from the moment it is created until the moment it is supposed
to expire. The reason they die exactly on the day it says on the back
is because it simply runs out of numbers. The server at work is
pre-programmed with the same set of numbers. Once the RSA key is
registered with the server, both the server and the key begin counting
down. They typically last for 5 years. The longer they last the more
expensive they are.
I have a buddy at work that has a bank that gave him one of these keys
for his online banking. If you're interested in secure online banking I
don't know of a better way.
<Keith>
On Sat, Mar 8, 2008 at 10:43 AM, William Sutton <william at trilug.org> wrote:
> I have one of these things for work as well. I don't know the technical
> implementation details, but this is the information I've come across:
> - the device keeps changing the number (AFAIK, it isn't a time) every so
> often, with a counter to show you how much longer it has until the number
> changes again
> - when you first activate it, you provide the number and the main server
> stores the amount of drift between your device and what it should be
> - when you login using it, the server adjusts for drift using that offset
> - oh, yes...they do die, apparently quite abruptly (self destruct, I
> think).
>
> I'm curious to see what's inside one, but don't feel like explaining to
> $WORK what happened if it breaks...
>
> William Sutton
>
>
>
>
> On Sat, 8 Mar 2008, Barry Gaskins wrote:
>
> > Well only RSA knows for sure but they are not publishing any details.
> >
> > But we can guess at a few things. First of all the date on the
> > back does not really matter. When you get your key you have to
> > activate it by waiting until the number changes and then typing in the
> > number so it only has to be close when you activate it. Also it would
> > not have to be exact down to the second since it only changes every
> > minute and it takes a few seconds to type in the number and log in
> > anyway. If I were writing the software then I would allow the last
> > number to work for a while after I knew it was supposed to change.
> > They could even make the window wider depending on how long it was
> > since the key was "activated".
> >
> > Of course they would want it to quit working every few years just
> > to make you pay to buy another one...
> >
> > - Barry Gaskins
> >
> > On Sat, Mar 8, 2008 at 9:17 AM, Joseph Mack NA3T <jmack at wm7d.net> wrote:
> >> I have one of these keys, which gives a different random
> >> number every minute, so I can logon at work. I'm wondering
> >> how it keeps synchronisation with the server. Searches on
> >> google for "RSA Securid how does it work" only come up with
> >> pages on how to login with it (and shills from RSA telling
> >> me how wonderful these keys are).
> >>
> >> I assume that the key has a free running crystal oscillator
> >> in which case the setting and long term drift will not be
> >> better than 1:10^6 and it would go out of synch in 2yrs
> >> (60*10^6 secs). Mine has a date of Nov 2003 on the back, so
> >> presumably it's been running for 4 years. Assuming the
> >> battery will last 10yrs, this would mean that the accuracy
> >> of the crystal would have to be 1:10^7 to maintain synch
> >> over this time. This tolerance is a bit tighter than I would
> >> expect is possible.
> >>
> >> Anyone know how these things keep synchronised with the
> >> server?
> >>
> >> Thanks Joe
> >>
> >> --
> >> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> >> jmack (at) wm7d (dot) net - azimuthal equidistant map
> >> generator at http://www.wm7d.net/azproj.shtml
> >> Homepage http://www.austintek.com/ It's GNU/Linux!
> >> --
> >> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> >> TriLUG Organizational FAQ : http://trilug.org/faq/
> >> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> >>
--
--->Keith<---
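
The drift offset and acceptance window described in the quoted replies, as an added example that is not part of the original thread and is not RSA's algorithm (which the thread notes is unpublished). It substitutes the public RFC 6238 HMAC time-step scheme; the secret, timestamps, drift values and all function and class names are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds per code, matching the once-a-minute change described in the thread

def code_at(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 truncation of HMAC-SHA1 over a time-step counter (stand-in algorithm)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

class TokenRecord:
    """Server-side state for one token (hypothetical structure)."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.drift_steps = 0     # learned offset between token clock and server clock
        self.last_counter = -1   # highest step already accepted, blocks replay

def verify(rec: TokenRecord, code: str, server_time: int, window: int = 1) -> bool:
    """Accept a code within +/- window steps of the drift-adjusted server step."""
    centre = server_time // STEP + rec.drift_steps
    for delta in sorted(range(-window, window + 1), key=abs):
        counter = centre + delta
        if counter <= rec.last_counter:
            continue  # this step or an older one was already used
        if hmac.compare_digest(code_at(rec.secret, counter), code):
            rec.drift_steps += delta  # re-centre on the token's clock
            rec.last_counter = counter
            return True
    return False

def demo():
    secret = b"constructed-demo-secret"  # constructed sample value
    rec = TokenRecord(secret)
    t0 = 1_204_992_000                   # constructed server time
    first = code_at(secret, (t0 - 90) // STEP)      # token clock is 90 s slow
    results = [verify(rec, first, t0, window=1)]    # outside the normal window
    results.append(verify(rec, first, t0, window=3))  # wide window at activation
    t1 = t0 + 86_400                     # later login, token now 130 s slow
    later = code_at(secret, (t1 - 130) // STEP)
    results.append(verify(rec, later, t1))  # accepted using the stored offset
    results.append(verify(rec, later, t1))  # same code again is refused
    return results, rec.drift_steps

if __name__ == "__main__":
    print(demo())
```

Each extra step of window gives a guessed code one more chance to match, which is why the wide window is used only at activation and the normal login window stays narrow.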