[geeks] Interesting: hardware security token for PayPal

Dan Duncan danduncan at gmail.com
Sun Apr 1 01:20:29 CDT 2007


On 3/31/07, Phil Stracchino <phil.stracchino at speakeasy.net> wrote:
> This is an interesting-looking gadget from PayPal:
>
> https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/cps/general/PayPalSecurityKey
>
> If the device generates a six-digit code "about every 30 seconds", then
> it takes it "about a year" to exhaust all possible codes and start over.

We use RSA SecurID tokens like this at $WORK.  Rumor has it a former
employee left his at home with a password-protected webcam pointing at it
so he didn't need to carry it with him.  I don't know if that's why
he's a former employee.  Of course, it's just a rumor.

> However, the algorithm must necessarily be deterministic, or it wouldn't
> work.

I always assumed it was a string of pseudo-random numbers with a
shared seed.  The number would seem random, but both ends could
always generate the same number if they knew how many minutes had
elapsed (mine is in minutes, not half minutes) from some point in time.

This was always a fun phenomenon to demonstrate to new programming
students.  :)

> And if it's deterministic, and someone can learn (disassemble,
> reverse-engineer, whatever) the algorithm, and can get any single code
> that you used and when it was used, they may possibly (depending on the
> algorithm) be able to determine what code your token will generate at
> any specified time in the future, unless each token has some kind of
> unique-per-token salt.

I've wondered why they use a displayed key as long as 6 digits.  It
seems to me that the more unique each key is, the easier it would be
to find the pattern.  If you used a 2-digit key, the number (say 23)
would come up far more often and you'd have a lot more occurrences of
23-90-40-36 (for example) in a row than you would with a sequence of
6-digit numbers.  Make the user wait a minute until the number has
rolled over and they'd never get a second guess at a key and limit the
number of failed attempts before the account is locked and using a
smaller key doesn't seem so bad to me.  Maybe calculate an internal key
that's really long and hash it to produce the 2-digit key and it would
be exceedingly difficult to crack.  I'm not a crypto expert or anything
though.
-- 
Dan Duncan
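
Added example, not part of the original message and not RSA's or PayPal's algorithm: the "shared seed plus elapsed minutes" scheme discussed above, written with the published HOTP/TOTP construction (RFC 4226 / RFC 6238), where a per-token secret keys an HMAC over the time-step counter, plus the lockout arithmetic for short codes. The 60-second step follows the minute-based token in the message; the names `token_code`, `Verifier`, `blind_guess_success` and the three-failure threshold are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # assumption: one code per minute, as in the message above


def token_code(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238-style code: HMAC the time-step counter with the per-token secret."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Server side: same secret, same clock, one-use codes, lockout after failures."""

    def __init__(self, secret: bytes, digits: int = 6, max_failures: int = 3):
        self.secret, self.digits, self.max_failures = secret, digits, max_failures
        self.failures = 0
        self.last_used_step = -1

    def check(self, code: str, unix_time: int) -> bool:
        step = unix_time // STEP_SECONDS
        if self.failures >= self.max_failures or step <= self.last_used_step:
            return False  # locked out, or this time step was already consumed
        expected = token_code(self.secret, unix_time, self.digits)
        if hmac.compare_digest(expected, code):
            self.last_used_step, self.failures = step, 0
            return True
        self.failures += 1
        return False


def blind_guess_success(digits: int, attempts: int) -> float:
    """Chance that at least one of `attempts` blind guesses hits, one guess per step."""
    return 1 - (1 - 10 ** -digits) ** attempts
```

With three attempts before lockout, a blind guess against a 2-digit code succeeds about 3% of the time, against roughly 0.0003% for a 6-digit code. Because each code is a keyed MAC of the counter, an observed code and its timestamp do not yield the next code without the per-token secret.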


