"Roy M.Silvernail" <[EMAIL PROTECTED]> writes: > > The first initiatives will centre on Microsoft's licensing of RSA SecurID > > two-factor authentication software and RSA Security's development of an RSA > > SecurID Software Token for Pocket PC. > > And here, I thought that a portion of the security embodied in a SecurID > token was the fact that it was a tamper-resistant, independent piece of > hardware.
SecurityDynamics/RSA Security have sold SecurID for Palms for several years. Some previous discussion can be found in the mailing list archives around the release date in spring of 1999. They also sell software implementations of SecurID for Windows. > Now M$ wants to put the PRNG out in plain view It's already out here--the algorithm for the SecurID hash function was published on Bugtraq by a third party (allegedly Russian) in late 2000. > along with its seed value. They did make some attempt to make the seed difficult to recover on the Palm. No doubt it could be reverse engineered with some effort, and software SecurID on networked devices does change the threat model. -dan --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
