On Tue, Oct 18, 2005 at 03:25:40AM -0500, Travis H. wrote: | Speaking of two-factor authentication, can anyone explain how servers | validate the code from a SecurID token in the presence of clockskew? | Does it look backwards and forwards in time a few minutes?
Yes, it rolls forward and back 3-5 cycles. The server maintains a list of what time it thinks the token thinks it is. So its not testing what time it is, its testing what time the token thinks it is. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
