PayPal’s are even fancier. They’ve got eInk displays, and are about the size of a credit card.

I don’t see why an iphone/blackberry app would make it any less secure. As the above poster said, it would need to be initialized (get the seed) while connected securely within the network. Afterwards, it doesn’t need to connect at all, just generate an ID based off that seed.

At worst, an attacker would still have a password and username to put in, nothing lost.

Blizzard does this for World of Warcraft already. There has been no verified instances of a WoW account being hijacked when an authenticator (as Blizzard calls it) was present and active on the account.

SecurID, originally made by Security Dynamics before RSA bought it, was around several years before GoldenEye. They’re NOT new.

The problem with SecurID apps is that the seed file, in combination with the serial number, is all that’s needed to clone the system. The ACE/Server needs these two pieces of information, which are provided on removable media with the tokens as an file called nnnnnnnn.asc (where n* is the serial number stamped on the token) probably ascii-armored, uuencoded or base64 version of a raw binary seed.

If you can get the .asc file, you know the serial number (the filename) and you have the seed (the contents of said file), and you can then run it through any of a number of freely available tools, such as this beauty: http://seclists.org/bugtraq/2000/Dec/459 which will spit out the next few numbers that will show up on the screen.

If the seed file is stored in any kind of decode-able format and it can be harvested from your phone/pda/whatever, it is most certainly less secure than the hardware. You can’t get the seed off the hardware tokens. With hardware tokens, the seed exists only on the media that shipped with the fobs (hopefully locked away or destroyed) and on the authentication server. That is more secure.

RSA has been doing these at minimum of 4 years in the enterprise space and my online banking has had similar (http://en.wikipedia.org/wiki/Chip_Authentication_Program) for 2 years now.

I have one of these keyfobs for my office network VPN connection. It is a random number generating device that has the same algorithm as the VPN concentrator. What happens is that when using the RSA algorithm, you have some ciphertext (c), message (m), and a few other numbers, p, q, n, e, and d. p and q are both large primes and n is the product of these two primes (n = p*q). You then chose some e > 1 that is coprime to the totient of p and q, which can be expressed as phi(p,q) = (p-1)*(q-1). Then GCD[e,(p-1)*(q-1)] = 1. Next we compute d, the multiplicative inverse of e mod phi(p,q), which can be expressed as the congruence de = 1 (mod phi(p,q)). Now we have our public key, n & e, and our private key, n & d. We now compute c = m^e (mod n) and m = c^d (mod n). See wikipedia for a good example.

There is an issue with this however, in that if the same m is sent to e or more different people and those people share the same e value, then it’s easy to solve for n by using the Chinese Remainder theorem.

This is where the keyfob comes in, I suspect. RSA does not tell people exactly how these work, and for very good reason. It is probably a padding mechanism for the original m value. When entering your username/password you create a new key pair, and you have to enter the number on the keyfob to tell your end what pad to use, in addition to using it to verify in a third way that the user is authentic.

This might seem like a great idea for an iPhone app, but the iPhone app would need to be reseeded every time it started and that seed would need to be given to the endpoint somehow. Also the keyfobs are decently physically secure as well, but nothing is perfect in that respect – even the moon can be opened up and analyzed (as NASA has recently shown us).

Singu: There are options on the authentication server to allow for clock drift. In fact, I believe that it’s capable of not only accepting the next- and previous-key in the sequence, but if you are consistently entering a key behind its normal window, it will adjust for a time offset on a per-token basis. Say I’m always entering the number that it thinks should be NEXT (not the one it thinks should be currently displayed), it will actually adjust my keyfob’s timetable in the system. The Auth server is always synchronized with NTP, so it’s rarely off global time by more than a few seconds.

agrajag9: The algorithm has been reverse engineered (see the link in my above post) and it’s easy to implement, even though RSA never told anyone how it works.

Also, if a phone/PDA application can access and otherwise decode the seed file, it doesn’t matter where or how it’s stored, it’s vulnerable.

I manage a SecurID server at my job. The value of “two-factor” authentication is that there are, well..um, two factors. Something you know (the pin) and something you have (the key fob). If there were an app, it’d be trivial for someone/trojan/malware to obtain the seed. Then you’re back to one factor authentication — like a password, something you know. If an attacker has the technical ability to obtain the seed out of the app, it’d be nothing for them to obtain the pin & username.

With the SecurID fob, you can trust that there is only ONE copy of the ‘seed’.

Sure they could make an app, but that defeats the two-factor security model.

everyone in my office/company has one of these for vpn access and for loggin into secure sites within the intranet. (largest telecom company in canada). userid is text over 6 chars, personal code of 4 digits + 6 digit code from the fob. the number changes avery 60 seconds, and is very random. not sure of the cost, but the admin geek that used to be here a few years ago mentioned itwas upwards of 100$ t the company per fob – i’m guessing he was throwing me a line of crap though. they do die if you open them though, and batteries only last about 5 years.

A recent article on online banking points out that this is merely one more layer that can be compromised as easily as the other layers, as long as the user or bank is running Win-don’ts. Since you’re hauling around a fob anyway, why not make it a USB stick with a livecd Linux distro? That way, your bank account, email, and various private files are incapable of running any .exe files and you’re therefore virus- and malware-free.

the paypal/ebay model is run by verisign under the VIP (https://idprotect.verisign.com/learnmore.v)

someone should code the VIP into a ssh server or somthing like that, that would be pretty cool.

I’m surprised no-one has made an open version of this. Imagine being able to have a keyfob that you can use for almost any site.

All that is needed is a device like this with a microcontroller and a public/private key setup. The code is generated using the private key you set up and verified with the public key that any website can get (either from you or from a central server). The code change every minute with the time used as the cleartext.

Downloadable OTP app for your phone – http://www.verisign.com/authentication/consumer-authentication/identity-protection/vip-access-for-mobile/index.html

I always thought the RSA fobs or software tokens should be called 3 factor authentication as a 4 digit pin is required in the code as well. The pin can be similar between all users or in my case i always issued dissimilar pin’s for more security.

We use one to log in to our frost bank account. They are pretty cool but it would get annoying if I had to use one every time I wanted to log into gmail or something else.

I build my own “token” midlet last year.
It does both time based authentication and signing.

http://www.serious-thinking.nl/serious-sign/

Lufthansa time-tables for pilots are secured the same way via vpn + rsa-device with unique pins every day.

Overseas they have much more secure banking. The credit cards now have computer chips. Home banking often uses fobs and other systems.

The reason we don’t have this in the US is the banking industry doesn’t want to pay for it. For some reason they rather pay for fraud.

Disappointed at the fact that hack-a-day just ‘discovered’ basic 20-year-old security technology everyone knows about.

Pleased the average reader is familiar with and/or screwed with these already.

Readers – Good work, carry on.
Hack-a-day – WTF? look around once in awhile. The world isn’t entirely arduino-based.

I own a full box of RSA tokens of my old dot com buble employer, a use for these would be a great hack.

That Yubico thing looks neat. That would be easy to implement using just an AVR, a clock chip, and a battery. A couple of 8-pin surface mount chips could easily fit into a small key fob. There is already code out there for emulating a keyboard on AVR.

The PayPal card had RFID hardware on it (I don’t know if it is activated). I’m hoping that someone figures out how to reprogram the key on those cards so they can be repurposed for custom applications.

I was hoping that someone had actually done his own Hacka-token. Only to find that it was just a SecureID token which has been around for well over the decade that I’ve been issued with various incarnations of these Tokens. Various PAM modules are around for all sorts of UNIX and no doubt windows variants, I don’t know if you can “re-Use” existing tokens or do you need extra information not physically on the token to derive the key…. This would be more interesting …Sorry

Doing it yourself is not that hard as the algorithm does not need to be that complex.

Hard part is fitting the algorithm in a nice and clean pocket size device.
(for a reasonable price ;-)

Thats why I wrote the midlet for my mobile (see posting above), if anyone wants to give a go on a PIC or atmega, javascript source code is included on my project page and one can download the java midlet project from the same page.

Yeah. Worked with some people that had these ten years ago. Why is this news again?

I’ve had the paypal one for years.

we use the SecureID with keypad (http://www.tokenguard.com/images/tokens/SD520.gif) gives you an additional layer of security. You not only have to own the token, but you also need to know the secret (:

I’ve been trying to find a local vendor for these keyfob-substitutes, but all I have so far is a demo card:

http://www.passwindow.com/

They look cheap enough (in theory) to junkmail to potential customers, and no more inconvenient than a keyfob. (If they open-sourced it, I think they could put SecureID out of business.)

The device has no display but a similar functionality and is fully opensource.

http://shop.embedded-projects.net/product_info.php/info/p176_Open-Kubus-USB-Stick.html

I’ve been thinking about this a while ago: I’m using full harddisk encryption on all my systems. Sometimes my girlfriend needs to have access to them as well, even when I’m not around. I really don’t want to tell her 20 Bytes over the phone, so I thought I’d implement a device that acts like a smartcard: http://das-labor.org/wiki/DongleExtension

Within the next days I will implement this in hardware. I expect that to be reproduceable & stable in two weeks ;)

I wonder how prevalent it is that the user decides it’s too much of a hassle to keep track of and tapes it to their monitor at work.

http://directory.apache.org/triplesec/

Fresh new from Apache Foundation… :D

CryptoCard offer a Blackberry Application for use with thier product which can be intergrated with the usual VPN Solutions

http://www.cryptocard.com/products/cryptocardauthenticationtokens/st-1tokenforblackberry/

The token is event based but provides a similar level of security to RSA SecureID

Even better…
http://www.idsa.org/idea/idea2005/s1201.htm

I can’t believe you guys are holding this up as a “hack”. Do you not live in the same world as the rest of us? Every company and government agency I’ve ever worked for has used these tokens.

What’s up for tomorrow’s hack – sending data over a wire? Recording spoken words on paper using a pen? The wheel?

I remember a credit card sized device that did the same thing back in the 90′s.

Barada, for android phones, implements 2 factor OTP functionality and is free as well.

Looked into these. They’re hilariously overpriced.
Went with certificates instead.

Don’t forget – a year or two it was going around in the Geek News that there are sniffers sitting in the StarBucks of the world who can see the PIN and SecurID generated number that you typed and if they can then also enter the same PIN and Toekn Number before the SecurID Token Number changes – they are In!!
Just don’t hit Enter/Send until the number is just about ready to expire! (Try getting 1000+ people in your Company to do that!! ;-)

@SecurID: I highly doubt that’s how it works. The ones I have used void that generated number the moment it is used to successfully login and won’t accept it again, thus someone would have to enter your SecurID number and login with it /before/ you get to do so yourself, which is probably possible but improbable.

Those have been around forever, even world of warcraft offers this.

That made me think of a similar authentication factor for ssh, called skey. It’s basically a one time password authentication scheme. When you login, instead of a password, the system offers you a challenge, which you enter in an OTP generator along with your passphrase, which in turns generates a one time password that looks a bit like this:

BEER MOAT FUEL WHALE JOHN FIVE APPLE

Once you authenticate with that password it’s null and void. And since the OTP algorithm is pretty simple (it uses SHA1 in the latest revisions) you can easily get an OTP generator for your phone (j2me, iphone, etc). This way you never enter anything sensitive into the computer you are logging into, which thwarts keyloggers. Perfect for internet cafés and untrustworthy places.

I really appreciate aXon’s link…I have one of these. I actually have a really nice small version -for the hip Sys Admins. Just this morning I was trying to think of a way to pass the credentials from my nt terminal server session to the server session(0) where the authentication window opens. I figured I would use a javascript to authenticate the token and get the next numbers in queue on my webserver and then run the code I receive as a send key (using the next code supplied) to my server. Why? Why not figure it would be cool to add to my current virtual pc in a Win2kAS terminal services session.

You kids…

I used to administer a secureID server I believe I bought it in 1995. Ran on a solaris sparc 10.

I was running version 3.52 of the code, not exactly new.

They allow all sorts of devices, software and operating systems to authenticate using radius or tacacs to a centralized server, the user has a 4-8 digit pin and enters a usrename and the pin+the code on the fob.

The server keeps track of the fob, and knows what the code on it should be at any particular time. Each successful login resets the clock sync, if you don’t login for a while (or the server has a lot of clock drift) you need to get in touch with the admin to sync the pin manually. If you are a doofus and reset the system clock to 1985 to try to avoid Y2K bugs then all 5000 people on the server have to call in and resync, as my replacement discovered.

A successful login makes the user unavailable until the code changes. A code entered wice puts the token into next token mode, which can be annoying. I think you can enter your pin in reverse to get an under duress login, if someone has a gun to your head trying to get into your bank account, or sensitive system. The admin gets an email and is supposed to call the cops.

I did this twice, it always involved alcohol.

You would need to do a man in the middle attack to hijack the ssl or IPSEC connection, and then enter the code into the remote system before the user and send user a bad result somehow. This is all encrypted so, good luck super cracker.

It seems to me there are two possible approaches to this using something people already carry.
A cell phone.

Option 1: Mobile Phone Synchronized Encryption App
An App could be written for various phones (iPhone, Pre, Android,
ect … ) that work on the same concept of an encryption key. The user
could generate his own custom key, and enter it into his phone via SD
card, SMS, or EMail. This key would be unique to his account allowing
only him to log in. The code would change every few minutes and use
the cell network clock as the source. This would work just like the RSA Key Fob.

Option 2: Randomly Generated Code sent via SMS
A new code could be randomly generated and
sent to the user’s phone via SMS. The code would include upper and
lower case letters, numbers, and special characters, just like any
good password should. Each code would only be valid for a few minutes
and logging on before the server had received the request for
the code would be prohibited.

of course it could be hacked,
Just like any other security method.
But it does stack the odds to be more in your favor.

We use the Cryptocard version and it works fine. The person that said it can be compromised if you’re using it from Windows clearly doesn’t understand the technology.

Until biometrics and RFID implants have matured, this is probably the most effective protection against illegal access.

Not cheap though!

And yes, it requires a user PIN and the code from the token to gain access; the user still then has to login to the domain. You can get SSO options but in my book that weakens security so why bother?