Re: The end of Phishing in sight?

[Blue Boar <BlueBoar () thievco com>]

Richard M. Smith wrote:
> It would also be bad if someone knew the algorithm for generating random
> numbers from a device, right?

For old-style SecureID... I believe it's semi-public knowledge that 
Mudge broke this (with some help, possibly, I can't recall.  I don't 
want to mis-assign anyone's credit.)

I believe it takes some small number of sequential number groups, and 
you can start predicting and arbitrary number of future ones.

However, that's the old proprietary, non-pin, non-challenge-response 
flavor of RSA token.  I believe new ones don't have this issue, and 
there are different token styles to choose from.

                                        Ryan
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.