Some RSA fobs do have a keypad. System prompts you to enter a number on keypad and you enter the tokencode which is generated. More secure less predictable. Or you enter a pin and token generates tokencode
Sent from my iPhone On Dec 4, 2012, at 5:57 AM, Jim Lux <jim...@earthlink.net> wrote: > On 12/3/12 9:59 PM, gary wrote: >> I was a bit concerned about clicking the fob for no good reason. I >> assume each click is a different number. I only use it for ebay and >> paypal. [Incidentally, they jacked the price from $5 to $30.] > > The RSA fob doesn't have a button. It just displays a 6 digit number that > changes once a minute or so. The number is generated by a pseudo random > number generator which is seeded in a way that is tied to the serial number. > The compromise last year at RSA involved someone getting access to the serial > number-seed list. (This is obviously not a "public key" system). > > > >> >> Now a phone has accurate network time, so they could get really tricky >> with the time as part of the code. >> >> I was meditating a bit on the power grid synchronization. If all the >> sites but one are in sync, then the generator whose sync is being hacked >> will have a hard time trying to feed the grid while being out of phase. >> This should be detectable electronically in the generator interface. If >> the timing is moved slowly, the the "conflict" would build slowly as well. > > The problem is that how would you distinguish this from normal load dispatch > for the generator. That's how you set the power flow: you adjust the phase > of your generator to slightly leading the grid, and power flows from > generator to grid. > > >> >> In the dark ages, I TAs an electronics class set up for non electrical >> engineers. I considered it kind of brutal since they tried to cover just >> about everything in one class. Well it included what we used to call >> "motors and rotors". [I suspect this isn't even taught anymore.] One of >> the lab experiments was to sync a generator to the mains. Now the >> generator was driven by a motor from the mains, so this wasn't >> particularly difficult. You would put a meter between your generator and >> the mains and drag on the shaft a bit until the phase error was zero, >> then turn the switch to connect them. > > > >> >> Things were going OK but then I heard a nasty sound and the lights >> flickered a bit. It turns out some curious students wanted to see what >> happened if the generator and mains were out of phase. Well, the mains >> wins. > > > Yes.. there are stories of *big* drive shafts shearing or enormous > turbomachinery ripping off the floor bolts. > >> >> It is apparently hard to move the grid. > > The interconnection problem is complicated by the fact that there are long > transmission lines in the system which have all the usual transmission line > issues like reflections, etc. Your simple lab exercise would be > substantially more complicated if there were a 1000 km long transmission line > between the "grid" and "generator". > > What you have in the real system is dozens of coupled oscillators, all with > their own "stiffness" coupled by a complex network of transmission lines with > propagation delays and mismatch. > > > >> >> >> >> On 12/3/2012 8:12 PM, Jim Lux wrote: >>> On 12/3/12 6:34 PM, Hal Murray wrote: >>>> >>>> li...@lazygranch.com said: >>>>> I have one of those key fobs. Does the code somehow inform the power >>>>> the be >>>>> about the drift in the built in clock? Or is the time element of the >>>>> code so >>>>> sloppy that the drift is acceptable? >>>> >>>> The magic number changes every second or so. >>> >>> Every 30 seconds or every minute.. I've seen both. My fob is once a >>> minute, the iPhone "soft fob" is 30 seconds. >>> >>> >>> You only have to scan a few >>>> seconds either side of the correct time to find a valid match. Every >>>> time >>>> the server gets a match it can update its memory of the fob time to >>>> reduce >>>> its searching in the future. >>> >>> Exactly, the maximum time difference is a settable parameter. >>> >>>> >>>> You could measure/compute the drift too. I don't know if that's worth >>>> the >>>> effort. It would probably change with temperature so seasonal or >>>> lifestyle >>>> changes could throw the prediction way off. >>> >>> I don't think they do that.. I think it's a "reset when validated"... >>> >>>> >>>> [I have no inside knowledge. I could be totally wrong, but that seems >>>> reasonable to me. They may have a better approach.] >>> >>> >>> It's all described on the RSA website.. >>> >>> >>> Hmm.. I suspect I could time my fob once a day, and see how many >>> seconds a day it drifts.. without a timed camera it would be hard to get >>> tighter than 1 second resolution.. >>> >>> the iPhone one almost certainly uses the internal clock in the phone. >>> >>> _______________________________________________ >>> time-nuts mailing list -- time-nuts@febo.com >>> To unsubscribe, go to >>> https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts >>> and follow the instructions there. >> >> _______________________________________________ >> time-nuts mailing list -- time-nuts@febo.com >> To unsubscribe, go to >> https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts >> and follow the instructions there. > > > _______________________________________________ > time-nuts mailing list -- time-nuts@febo.com > To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts > and follow the instructions there. _______________________________________________ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
