On 01/16/13 04:44, James R Grinter wrote:
On 11/01/2013 22:57, Robert Hajime Lanning wrote:
RSA soft token generates the code using the serial number/PIN/time as
input. Always gives you a code.
not quite, with the ones I've used anyway.
The user's PIN is only entered as input for the login password, along
with the "random" value generated by the token (real, or soft. Actually,
RSA did used to have a token model where the PIN was keyed into the
token, and hashed to form a response, but it still didn't confirm the
PIN: it merely avoided it being sent in plain text across an unsecured
network connection.)
Maybe RSA has both types.
I implemented RSA at Seagate about 10 years ago. We used hard tokens
only. A few years ago, they switched to soft tokens (cost benefit). A
friend of mine, who still works there, showed me the new soft token. He
entered his pin and it generated the code.
--
Mr. Flibble
King of the Potato People
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
