Comments on RevK®'s ramblings: Not so secureID

Dragon, 2011-03-19T23:26:49.263+00:00:
Most sensibly set up systems tend to use these keyfobs as a 2nd authentication factor.

So presumably you'd still also have to compromise the other authentication factor.

Anonymous, 2011-03-19T00:12:23.369+00:00:
Secure key exchange in this context isn't actually too hard - Diffie-Hellman arranges that the two ends share a key, then you just verify that the keyfob matches the server to check that you did the DH with the real server and not an attacker.

Of course - I have no idea whether they actually do anything like this.

RevK, 2011-03-18T14:24:48.395+00:00:
Ah, yes, makes perfect sense. May make creating similar boxes tricky to sell if that is the expectation. Hmm

Bradley Freeman, 2011-03-18T14:18:51.742+00:00:
"I suspect this is the sort of expensive box RSA would sell to the banks for their end." The RSA Authentication Manager is actually free (albeit just the software) and they just charge you for the tokens. It's pretty nifty and has RADIUS built in, so it's not too difficult to roll out for logging into network devices.