On Sat, 24 May 2014 15:18:04 -0400, Gerhard Postpischil wrote: >... >They used an egg-shaped device (sorry, I don't recall the brand) that >generated a time-sensitive password string. It was poorly designed >(i.e., cheap) with an LCD display that was hard to read (my cats don't >read over my shoulder), and had a clock that regularly drifted out of >synchronization, necessitating a three-hour trip ... > A former employer required a device of slightly better design. It was a response to a challenge generated by the server (I think; it may have used a counter in the device, incremented at each login attempt). How is a clock any better? Or, the protocol could have started by synchronizing the clock. Within a time bracket, did it generate the same password for all users?
The employer was acquired by a larger corporation that relies on password expiration. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
