[geeks] Interesting:  hardware security token for PayPal

Lionel Peterson lionel4287 at verizon.net
Sun Apr 1 08:50:33 CDT 2007


>From: Phil Stracchino <phil.stracchino at speakeasy.net>
>Date: 2007/03/31 Sat PM 10:51:57 CDT
>To: The Geeks List <geeks at sunhelp.org>
>Subject: [geeks] Interesting:  hardware security token for PayPal

>This is an interesting-looking gadget from PayPal:
>
>https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/cps/general/PayPalSecurityKey
>
>If the device generates a six-digit code "about every 30 seconds", then
>it takes it "about a year" to exhaust all possible codes and start over.
>
>However, the algorithm must necessarily be deterministic, or it wouldn't
>work.  And if it's deterministic, and someone can learn (disassemble,
>reverse-engineer, whatever) the algorithm, and can get any single code
>that you used and when it was used, they may possibly (depending on the
>algorithm) be able to determine what code your token will generate at
>any specified time in the future, unless each token has some kind of
>unique-per-token salt.

Seems very similar to SecureID...

6 digit number + PIN = access

I wonder if they are working WITH SecureID, or if they are waiting to have a meeting with SecureID's lawyers before going public with this new offering...

Oh wait, just checked my calendar - any reason I'm seeing this TODAY?

Lionel 
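
The quoted question about determinism and a unique-per-token value, as an added example that is not part of the original thread. It assumes RFC 6238 TOTP (HMAC-SHA1) as a stand-in, since the thread does not say which algorithm the PayPal token uses; TOKEN_B and the helper names are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # "about every 30 seconds" from the post
DIGITS = 6          # six-digit code from the post

# Constructed sample secrets, one per token (the "unique-per-token" value).
TOKEN_A = b"12345678901234567890"   # test secret published in RFC 6238
TOKEN_B = b"constructed-secret-B"   # made up for this example


def totp(secret: bytes, unix_time: int,
         step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238 code: deterministic in (secret, time step), nothing else."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def days_to_emit_all_codes(step: int = STEP_SECONDS,
                           digits: int = DIGITS) -> float:
    """Days needed to display 10**digits codes at one code per step."""
    return 10 ** digits * step / 86400


def code_window(secret: bytes, start: int, count: int) -> list:
    """Codes for `count` consecutive time steps beginning at `start`."""
    return [totp(secret, start + i * step_offset)
            for i, step_offset in enumerate([STEP_SECONDS] * count)]


if __name__ == "__main__":
    now = 1175435433  # constructed timestamp, roughly the date of the post
    print("days to emit 10^6 codes:", round(days_to_emit_all_codes(), 1))
    # Same public algorithm, same clock, different per-token secret:
    print("token A:", code_window(TOKEN_A, now, 5))
    print("token B:", code_window(TOKEN_B, now, 5))
```

With this construction the algorithm can be fully public: an observed code and its timestamp fix only a few digits of one HMAC output, and the per-token secret is what keeps later codes unpredictable. The codes are also not a counter that wraps after a year; they are pseudo-random draws, so repeats occur well before every value has appeared.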


