[TriLUG] OT: RSA Securid - how does it work?
Kevin Flanagan
flanagannc at gmail.com
Sun Mar 9 16:48:23 EDT 2008
Joseph Mack NA3T wrote:
> On Sat, 8 Mar 2008, Barry Gaskins wrote:
>
>
>> Well only RSA knows for sure but they are not publishing
>> any details.
>>
>
> sure. I was just trying to estimate bounds on its
> functioning derived from simple physical principles.
>
>
>> If I were writing the software then I would allow the last
>> number to work for a while after I knew it was supposed to
>> change. They could even make the window wider depending on
>> how long it was since the key was "activated".
>>
>
> That's testable. I found that it would only work for the
> time slot I had. If I saved the number and put it in after
> the RSA key had advanced to the next number, then I couldn't
> log in. This made me think that I had to be spot on, which
> is why I posted in the first place.
>
> Kevin Flanagan also spoke
>
>
>> The date on the back of the token is an expiration date.
>>
>
> ah. mine says
>
> 03/31/11
>
> silly me. I thought that was a date in 2003. It's a date in
> 2011. RSA didn't hear about Y2K.
>
>
They did, but there aren't any tokens out there that were put out before
2000; it's not relevant for what they do.
>> In reality the server knows 5 sets of numbers, the one it
>> believes it should be and two before and two after, so
>> that you could account for clock drift.
>>
>
> If that's true then my key must be running at the last of
> the 5 sets.
>
There's a thing that the admin of the server can do that will set the
server to a better understanding of the time that the token has. I
can't remember the name of the command, but it's an RSA Admin function
that will make you enter 2 sets of numbers when next you use the token,
then it knows what the skew is between reality and your token.
> Thanks
>
> Joe
>
>
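
The server behaviour described in this message, as an added example that is not part of the original thread and is not RSA's algorithm (which is unpublished): a window of two codes either side of the expected one, plus a resync that takes two consecutive codes to learn the token's skew. The HMAC-based code_at() is a stand-in generator, and the 60-second step, the 720-slot search range and the TokenRecord class are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds per code; assumed, the thread does not give the interval


def code_at(seed: bytes, slot: int) -> str:
    """Stand-in 6-digit code for one time slot (HMAC-SHA1, RFC 4226 truncation)."""
    mac = hmac.new(seed, struct.pack(">Q", slot), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return f"{val % 10**6:06d}"


class TokenRecord:
    """Server-side state for one token (hypothetical class)."""

    def __init__(self, seed: bytes, window: int = 2):
        self.seed = seed
        self.window = window    # slots accepted either side: 2 gives the "5 sets"
        self.offset = 0         # learned skew between server clock and token, in slots
        self.last_slot = None   # newest slot already used, so a code cannot be replayed

    def _matches(self, slot: int, code: str) -> bool:
        return hmac.compare_digest(code_at(self.seed, slot), code)

    def verify(self, code: str, now: int) -> bool:
        centre = now // STEP + self.offset
        for d in sorted(range(-self.window, self.window + 1), key=abs):
            slot = centre + d
            if self.last_slot is not None and slot <= self.last_slot:
                continue
            if self._matches(slot, code):
                self.last_slot = slot
                return True
        return False

    def resync(self, first: str, second: str, now: int, search: int = 720):
        """Locate two consecutive codes in a wider range and store the skew."""
        base = now // STEP
        for d in sorted(range(-search, search + 1), key=abs):
            if self._matches(base + d, first) and self._matches(base + d + 1, second):
                self.offset = d + 1          # token shows `second` at time `now`
                self.last_slot = base + d + 1
                return self.offset
        return None
```

Requiring two consecutive codes is what makes the wide search safe: a single 6-digit guess has about a 1-in-700 chance of matching somewhere in 1441 slots, while a matching consecutive pair is a coincidence on the order of one in a billion.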