[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Backport of the integer overflow in the brk system call

On Wed, Dec 03, 2003 at 12:06:33PM +0100, Artur R. Czechowski wrote:
> > What is a "RSA token"?
> Device used in some internet banks. You have a device, which has only
> chipset, digital pad with on/off switch and display, all embedded in small
> case. Authentication is made using C/R algorithm: you receive a number
> from system, enter it into token, chipset signs it using stored RSA key, you
> get a number from display and use is as a password. 

The RSA SecurID tokens are a bit smarter than that; the output for a
given input changes every minute. My employer uses them for remote
access to their intranet; you have a fixed pin number which you enter
into the card to get this minute's (6 digit) password. No reason why the
pin would have to be fixed though.

I have no idea what they cost. Also the newest ones are not exactly fit
for carrying around in your wallet. They last 3 years on internal

Hamish Moffatt VK3SB <hamish@debian.org> <hamish@cloud.net.au>

Reply to: