At 03:25 2005-10-18 -0500, Travis H. wrote:
> Speaking of two-factor authentication, can anyone explain how servers validate the code from a SecurID token in the presence of clockskew? Does it look backwards and forwards in time a few minutes?

Yes, at registration time the server checks that the clock skew is reasonable (IIRC, within 100 minutes either way). From then on it knows and remembers the approximate clock skew.

> Similarly, how do those garage door openers with "rolling codes" work, given that the user may have pressed the button many times accidentally while out of range of the receiver?

Ahh, one of the dirty little secrets. If the base receives two sequential outputs from a registered token, even if they are a long way away from the currently expected output, it will resynchronize to that. The replay protection just means that the attacker needs to record two sequential accesses, not a single one. When all is working as expected, this means the attacker must target you and hang around for a day, or do a lunchtime attack on your zapper.

Greg.
---------------------------------------------------------------------
The Cryptography Mailing List
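A receiver-side model of the resynchronization rule described in the message above, added here as an illustration and not taken from the post or from any product. It assumes a truncated HMAC-SHA256 of a counter as a stand-in for the fob's cipher, forward-only resynchronization, and made-up window sizes; the names `Receiver`, `OPEN_WINDOW` and `resync_window` are hypothetical.

```python
import hashlib
import hmac

OPEN_WINDOW = 16  # assumed: codes at most this far ahead open immediately


def code(key: bytes, counter: int) -> str:
    """Constructed stand-in for the fob cipher: truncated HMAC of the counter."""
    msg = counter.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


class Receiver:
    def __init__(self, key: bytes, resync_window: int = 4096):
        self.key = key
        self.counter = 0            # last accepted counter value
        self.resync_window = resync_window
        self.pending = None         # far-ahead counter awaiting its successor

    def _find(self, rx: str):
        """Return the counter strictly ahead of ours that yields rx, else None."""
        start = self.counter + 1
        for c in range(start, start + self.resync_window):
            if hmac.compare_digest(code(self.key, c), rx):
                return c
        return None

    def receive(self, rx: str) -> str:
        c = self._find(rx)
        if c is None:               # unknown, replayed, or beyond the window
            self.pending = None
            return "reject"
        if c - self.counter <= OPEN_WINDOW:
            self.counter, self.pending = c, None
            return "open"
        if self.pending is not None and c == self.pending + 1:
            self.counter, self.pending = c, None
            return "resync-open"    # two sequential far-ahead codes accepted
        self.pending = c            # remember it, but do not open yet
        return "pending"


def demo():
    key = b"constructed-demo-key"   # constructed sample key
    rx = Receiver(key)
    return [
        rx.receive(code(key, 1)),    # normal press
        rx.receive(code(key, 1)),    # same code again: behind the counter
        rx.receive(code(key, 502)),  # fob pressed ~500 times out of range
        rx.receive(code(key, 503)),  # its successor triggers the resync
        rx.receive(code(key, 502)),  # now behind the counter again
    ]
```

The size of `resync_window` is the trade-off a designer controls: a smaller value tolerates fewer accidental presses but narrows the range of counter values from which a sequential pair will be accepted.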
