[geeks] Interesting: hardware security token for PayPal
Phil Stracchino
phil.stracchino at speakeasy.net
Sat Mar 31 22:51:57 CDT 2007
This is an interesting-looking gadget from PayPal:
https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/cps/general/PayPalSecurityKey
If the device generates a six-digit code "about every 30 seconds", then
it takes it "about a year" to exhaust all possible codes and start over.
However, the algorithm must necessarily be deterministic, or it wouldn't
work. And if it's deterministic, and someone can learn (disassemble,
reverse-engineer, whatever) the algorithm, and can get any single code
that you used and when it was used, they may possibly (depending on the
algorithm) be able to determine what code your token will generate at
any specified time in the future, unless each token has some kind of
unique-per-token salt.
--
It's not the years, it's the mileage.
Phil Stracchino phil.stracchino at speakeasy.net
Renaissance Man, Unix generalist, Perl hacker, Free Stater
Landline: 603-429-0220 Mobile: 603-320-5438
More information about the geeks
mailing list