[aprssig] Re: Authentication over APRS
Bob Snyder rsnyder at toontown.erial.nj.usWed Dec 8 23:05:10 UTC 2004
- Previous message: [aprssig] Re: Authentication over APRS
- Next message: [aprssig] Re: Authentication over APRS
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, Dec 08, 2004 at 02:36:05PM -0800, Scott Miller wrote: > > SecurID is a great product, I use it daily. It provides "two factor" > I've used these too. It requires fairly close time synchronization, and if > you're dealing with a device somewhere on a mountaintop miles away with no > GPS, keeping within a couple of minutes is too much trouble. Actually, it doesn't. A decent clock is a good thing, but my understanding is that the server keeps a window of codes active, and when you use one in the valid window, it uses that to figure out the difference in clock rates between the token and the authentication server. Running NTP on a hardware token in your wallet is challenging, and this is their way of avoiding that. :-) > Yeah, and you're going to run out of secrets pretty fast if it's something > you do on a regular basis. I think a TEA or similar CBC-MAC with a simple Assuming you were talking about the Kantronics system, yeah, you'll run out of secrets pretty fast, and people adept at Wheel of Fortune likely will be able to guess the passphrase before too long. That's why I called it a weak form. The benefit is that you don't need special code on the client end to do it. If the client already is going to be running your software, doing it fully cryptologically is the best way most likely. Bob N2KGO
- Previous message: [aprssig] Re: Authentication over APRS
- Next message: [aprssig] Re: Authentication over APRS
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the aprssig mailing list