Speaking of two-factor authentication, can anyone explain how servers validate the code from a SecurID token in the presence of clockskew? Does it look backwards and forwards in time a few minutes?
Similarly, how do those garage door openers with "rolling codes" work, given that the user may have pressed the button many times accidentally while out of range of the receiver? Is there any interest in reviewing the security of consumer-level devices? I ran across this when trying to pick a fairly secure cordless telephone; there's precious little information on the algorithms and keys used in the sales brochures. I've heard horror stories such as a DSSS phone that actually uses a normal analog transmission in one of the directions. Same issue with garage door openers, alarm systems with remote controls, etc. PS: How many cypherpunks does it take to open a garage door? http://www.cap-lore.com/Garage/ -- http://www.lightconsulting.com/~travis/ -><- "We already have enough fast, insecure systems." -- Schneier & Ferguson GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]