Recently, I.C. Wiener published a reverse engineering effort of the RSA
SecurID algorithm. There were few speculations on the security ramifications
of the algorithm in I.C. Wiener's posting, so this note is an effort to
touch upon areas of concern. We have verified that I.C. Wiener's released
version of the proprietary algorithm is accurate by comparing it with our
own prior reverse engineering of the same

Due to the time sensitivity imposed by the public release of RSA's
proprietary algorithm, we felt it necessary to release this brief to help
people better understand and work toward reducing the risks to which they
might currently be exposed. The risk profile of token devices changes when
they are implemented in an uncontrolled environment, such as the Internet,
and the research in this paper aims to educate and to help manage those
risks. The primary concern is the possiblity to generate a complete cycle of
tokencode outputs given a known secret, which is equivilent to the cloning
of a token device.

This short paper will examine several discovered statistical irregularities
in functions used within the SecurID algorithm: the time computation and
final conversion routines. Where and how these irregularities can be
mitigated by usage and policy are explored. We are planning for the release
of a more thorough analysis in the near future. This paper does not present
methods of determining the secret component by viewing previously generated
or successive tokencodes.

Direct link to full paper:

Additional reports:


Reply via email to