On Thursday, Oct 17, 2002, at 19:39 Europe/London, Rich Salz wrote:
[Note: I have an interest, since QuizID use nCipher hardware]Marc Branchaud wrote:Looks like hardware S/Key, doesn't it?Any thoughts on this device? At first glance, it doesn't seem particularly impressive... http://www.quizid.com/
If I could fool the user into entering a quizcode, then it seems like I could get the device and the admin database out of sync and lock the user out of the system.
Their device has a neat way of synchronizing the sequence number to the server which both avoids the clock drift problems that trouble RSA SecurID and mean that you'd have to get the user to pass you a large number of codes before you got them out of sync with the server. It also helps them avoid some of RSA's later patents which deal with their troublesome clock sync problems.
Nicko
