Bugtraq mailing list archives

Re: swc / ActivCard

From: John Fulmer <John.Fulmer () LEVEL3 COM>
Date: Mon, 21 Aug 2000 10:27:55 -0600

Alan DeKok wrote:


  The ActivCard product uses the industry standard X9.9
challenge-response algorithm.[1]


Some ActivCard tokens implement a standard X9.9 mode, but most ActivCard
tokens use a proprietary, time and event based modification to the X9.9
algorithm to generate their one time passwords in a synchronous mode.

An overview of what ActivCard does may be found in a white paper at
http://www.activcard.com/activ/services/library/synchronous_authentication.pdf

The time element may be what is introducing the perceived 'limited
randomness' of the token.

  So far as I recall, X9.9 does NOT define a method for calculating a
series of one-time passwords.  It assumes that the challenge is
a random number.  (i.e. generated via a cryptographically strong
method.)


No, but it is fairly common to do an event synchronous mode with an
'X9.9' token. Heck, Cryptocard does that.

jf

Current thread:

swc / ActivCard Michal Zalewski (Aug 18)
- Re: swc / ActivCard Alan DeKok (Aug 18)
  - Re: swc / ActivCard John Fulmer (Aug 21)
  - Re: swc / ActivCard Alan DeKok (Aug 21)
    - Re: swc / ActivCard Michal Zalewski (Aug 21)
    - Re: swc / ActivCard Vin McLellan (Aug 23)
    - Re: swc / ActivCard Michal Zalewski (Aug 23)
    - Re: swc / ActivCard Alan DeKok (Aug 25)
    - Re: swc / ActivCard Michal Zalewski (Aug 25)
    - Re: swc / ActivCard Michal Zalewski (Aug 25)
    - Re: swc / ActivCard Steve VanDevender (Aug 25)
- Re: swc / ActivCard Ross Thompson (Aug 22)
- Re: swc / ActivCard Brian Kowal (Aug 25)

(Thread continues...)