Andrew Lentvorski wrote:
> Here's an interesting question:
>
> Is it possible to create an open source SecurID-like keyfob? Building
> the hardware should be *painfully* cheap. I'm staring at a full 8051
> with flash from TI for under $10. It even does USB.
>
> The RSA keyfobs presumably have two things:
>
> 1) Unknown time-based algorithm for generating the factor
>
> Security-by-obscurity is always bad, but I'll presume that RSA has a
> good algorithm somewhere. I presume that we could find some good
> algorithm that's already vetted by the security community.
>
> 2) A seed value used to generate the sequence.
>
> Effectively, this is the "shared secret". Presumably, you want
> something like public key cryptography. The private key is stored on
> your keyfob while the public key is stored on your server.
>
> The question is: what algorithm?
>
> On the keyfob side, we need an algorithm that can take the current time
> and some private key and create a factor.
>
> On the computer side, we need an algorithm that can take the public
> key, the current time, and the factor and verify that the factor is
> correct. I don't know how to do this.
>

What if the "factor" were simply a signed keyed-hash of the current time?
I guess the time would have to be bucket-ized to give it some range of
validity.

Regards,
..jim

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
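
The time-bucketed keyed hash suggested in the reply above, written out as an added example that is not part of the original thread. It assumes HMAC-SHA1 with the RFC 4226 truncation (the construction standardized as TOTP in RFC 6238) in place of the unspecified keyed hash; the 30-second STEP, the drift and last_used parameters and all function names are assumptions. The secret is symmetric, so the server stores the same key as the fob rather than the public half of a key pair as the quoted message asks for.

```python
import hashlib
import hmac
import struct
import time

STEP = 30  # seconds per time bucket (assumed; the thread names no value)


def code_for_bucket(secret: bytes, bucket: int, digits: int = 6) -> str:
    """Keyed hash of one time bucket, truncated to a short decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", bucket), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def fob_code(secret: bytes, now: float, digits: int = 6) -> str:
    """What the keyfob displays at time `now` (seconds since the epoch)."""
    return code_for_bucket(secret, int(now) // STEP, digits)


def server_verify(secret, candidate, now, drift=1, last_used=-1, digits=6):
    """Return the matching bucket number, or None if the code is rejected.

    drift: buckets of clock skew tolerated on either side of the server's.
    last_used: highest bucket already accepted for this fob (replay guard).
    """
    current = int(now) // STEP
    matched = None
    for bucket in range(current - drift, current + drift + 1):
        if bucket < 0 or bucket <= last_used:
            continue  # never re-accept a code from a bucket already used
        expected = code_for_bucket(secret, bucket, digits)
        # Constant-time comparison so timing does not leak matching digits.
        if hmac.compare_digest(expected.encode(), candidate.encode()):
            matched = bucket
    return matched


if __name__ == "__main__":
    key = b"12345678901234567890"  # constructed sample key, not a real secret
    t = time.time()
    code = fob_code(key, t)
    print(code, server_verify(key, code, t + 20))
```

The server should store the returned bucket as last_used for that fob, so a code observed in transit cannot be replayed inside its validity window.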
