Bugtraq mailing list archives
Re: swc / ActivCard
From: Michal Zalewski <lcamtuf () DIONE IDS PL>
Date: Mon, 21 Aug 2000 22:52:39 +0200
// Please, Aleph, approve this post, I believe it's quite // important to explain and summarize some facts :) On Mon, 21 Aug 2000, Alan DeKok wrote:
The first two digits of the password are trivially derived from highly predictable counters, which explains why they're so regular. It does not, however, explain why the the *rest* of the digits are so predictable [...]
To make everything clear - as I noticed, I just wanted to start a discussion and futher investigation of this ActivCard One synchronous token issue. None of my statements cannot be threated as true without checking it independently (what I saild clearly, as well, because I was using only a few sources of input data for my analysis and it's quite possible I've made bad assumptions somewhere). Sadly, some people (both from ActivCard representatives and not related to this company), didn't understand the nature of my post - and I guess it can be only a bad will, because I stated it clearly, _twice_. It's really bad, both to us and ActivCard, to spread FUD. So, it's time to state the facts: - we agreed that in 8-digit display, 2 first digits are highly predictable, partially exposing some bits from internal counters (I'm not sure what for). There numbers are almost 100% predictable; as a result, we ha 10^6 combinations instead of 10^8 - which sounds better for crackers, - in my set of information (the one I included in my post and for which I have some troubles - but that's other issue), by dumping binary image of these values, I found several uncommon conditions, like alarmingly long sequences of even values (lowest bit set to zero), some bit sequences appearing eg. with 75% probability where I should expect something around 7-8% and so on. This lead me to perform attempts to guess next values with good precision within reasonable amount of tries. No, I didn't wrote magic program than can predict next value returned by any token with 100%, but I feel alarmed by my observations, and that's why I posted this strictly informal call-for-discussion. Within it, I repeated several times these observations might be not objective and MUST be verified; in some subsequences of this input set, I reached probability of several promiles, which actually isn't bad - especially because it's nothing hard for computer to perform eg. 1000 attempts, which makes this probability much higher. It's bad to debate about algorithm (or, better: implementation) weakness when in doubt. Unfortunately, we have no way to really discover the way this token uses to expose / hash it's internal state but by observation. I guess ActivCard users can easily verify my observations or try to perform more detailed analysis of information supplied by me or obtained on their own. Someone with good (better than mine) practical knowledge of cryptoanalysis and discrete systems' predictability should spent some time with it, for sure. _______________________________________________________ Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security] [http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};: =-----=> God is real, unless declared integer. <=-----= -- Support your government, give Echelon / Carnivore something to parse -- classfield top-secret government restricted data information project CIA KGB GRU DISA DoD defense systems military systems spy steal terrorist Allah Natasha Gregori destroy destruct attack democracy will send Russia bank system compromise international own rule the world ATSC RTEM warmod ATMD force power enforce sensitive directorate TSP NSTD ORD DD2-N AMTAS STRAP warrior-T presidental elections policital foreign embassy takeover --------------------------------------------------------------------------
Current thread:
- swc / ActivCard Michal Zalewski (Aug 18)
- Re: swc / ActivCard Alan DeKok (Aug 18)
- Re: swc / ActivCard John Fulmer (Aug 21)
- Re: swc / ActivCard Alan DeKok (Aug 21)
- Re: swc / ActivCard Michal Zalewski (Aug 21)
- Re: swc / ActivCard Vin McLellan (Aug 23)
- Re: swc / ActivCard Michal Zalewski (Aug 23)
- Re: swc / ActivCard Alan DeKok (Aug 25)
- Re: swc / ActivCard Michal Zalewski (Aug 25)
- Re: swc / ActivCard Michal Zalewski (Aug 25)
- Re: swc / ActivCard Alan DeKok (Aug 18)
- Re: swc / ActivCard Steve VanDevender (Aug 25)
- <Possible follow-ups>
- Re: swc / ActivCard Vasilios Katos (Aug 18)