SecureID program!?


SuperCali
January 16th, 2002, 16:29
Hello,
I was wondering if anyone here knows how these SecureID keycards (either the 60sec random gen or pin code versions) function. Well, what I really want to know is if there is a possibility to get one and write a program that uses it as its authentication means? Or is there another hardware brand/solution? I want to use something like that for ssh authentication of remote users on my OpenBSD machine. Any ideas?

P.S. My guess is that it uses some sort of PGP-like key exchange. So the server software has a private and public key and the device (keygen) has the public key for the server along with its own private key.... and so on... Am I on the right track or not!?

// SuperCali

SuperCali
January 16th, 2002, 16:56
Apparently the standard I'm looking for is called X9.9 token card challenge response authentication mechanism. Anyone know where I can get more info on it?

// SuperCali

sludge
January 21st, 2002, 18:30
The way SecurID works is this:

Each authorized person is given a card. It is about the size of a credit card. On the front of the card in a little LCD window is a 5-6 digit number. This number changes repeatedly after a given period of time. The number is generated randomly and is synched up with a master server. When you do something, such as logging into a main database for example, you log in and then it prompts you for your SecurID. The card is synched up with the main server from the moment that it comes to life.

Because of the fact that it is ever changing, SecurID is completely unfeasible to brute force. Also, due to the fact that the only way you would be able to get the algorithm for the randomness is by breaking open a SecurID card AND the fact that they are tamper proof and you would need one for the exact thing you are reversing, I have to say, good fucking luck ;P

I don't really see why the software you would be reversing uses this though. The only real things that do are servers for companies, such as Intel or AOL.
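The two token modes the thread touches on, the time-synchronised card sludge describes above and the X9.9-style challenge/response that SuperCali asks about earlier, both boil down to a secret seed shared between the token and the server plus a keyed one-way function. The block below is an added illustration written for this page; it is not SecurID's or CryptoCard's proprietary algorithm (SecurID's is not public), and it uses HMAC-SHA1 with HOTP-style truncation as a stand-in. The seed, the user name "alice" and the fixed clock value are constructed for the demonstration. The server side shows the two things a practitioner needs beyond "the numbers match": a small clock-skew window so a card whose clock has drifted slightly still works, and a record of the last accepted time step so an observed code cannot be replayed.

```python
"""Toy one-time-password token in time-synced and challenge/response modes.

Illustrative only: HMAC-SHA1 stands in for whatever proprietary function a
real SecurID or CryptoCard token uses. The seed and clock values are
constructed for the demo.
"""
import hashlib
import hmac
import secrets
import struct

DIGITS = 6          # size of the number shown in the card's LCD window
STEP_SECONDS = 60   # how often a time-synced card rolls to a new number


def _truncate(mac: bytes, digits: int = DIGITS) -> str:
    # HOTP-style dynamic truncation: the low nibble of the last byte picks
    # a 4-byte window, which is reduced to `digits` decimal digits.
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def time_code(seed: bytes, now: int, step: int = STEP_SECONDS) -> str:
    """What a time-synced card displays at Unix time `now`."""
    counter = now // step
    return _truncate(hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest())


def challenge_code(seed: bytes, challenge: bytes) -> str:
    """What a challenge/response card displays after the user keys in `challenge`."""
    return _truncate(hmac.new(seed, challenge, hashlib.sha1).digest())


class TokenServer:
    """Server side: holds each user's seed and validates codes in either mode."""

    def __init__(self, seeds: dict, skew_steps: int = 1):
        self.seeds = dict(seeds)        # user -> shared seed (constructed here)
        self.skew_steps = skew_steps    # tolerated clock drift, in time steps
        self.last_counter = {}          # user -> last time step already used
        self.pending = {}               # user -> challenge awaiting a response

    def verify_time_code(self, user: str, code: str, now: int) -> bool:
        seed = self.seeds.get(user)
        if seed is None:
            return False
        counter = now // STEP_SECONDS
        for c in range(counter - self.skew_steps, counter + self.skew_steps + 1):
            if c <= self.last_counter.get(user, -1):
                continue  # that window (or an earlier one) was already consumed: replay
            expected = time_code(seed, c * STEP_SECONDS)
            if hmac.compare_digest(expected, code):
                self.last_counter[user] = c
                return True
        return False

    def issue_challenge(self, user: str, rng=secrets.token_bytes) -> bytes:
        # `rng` is injectable only so the behaviour can be exercised deterministically.
        challenge = rng(8)
        self.pending[user] = challenge
        return challenge

    def verify_challenge_response(self, user: str, code: str) -> bool:
        seed = self.seeds.get(user)
        challenge = self.pending.pop(user, None)  # each challenge is single-use
        if seed is None or challenge is None:
            return False
        return hmac.compare_digest(challenge_code(seed, challenge), code)


if __name__ == "__main__":
    seed = b"constructed-demo-seed"  # would be burned into the card at manufacture
    server = TokenServer({"alice": seed})
    now = 1_000_000
    shown = time_code(seed, now)
    print("card shows", shown, "accepted:", server.verify_time_code("alice", shown, now))
    print("replayed:", server.verify_time_code("alice", shown, now))
```

The replay guard is the detail that matters operationally: a shoulder-surfed code is useless once the legitimate login has consumed its time step, and any second attempt with the same code is a signal worth logging. The skew window should stay small (one step here), because every extra step widens the set of codes the server will accept at a given moment.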

SuperCali
January 21st, 2002, 21:59
Hello,
Thanks for the info. I am not in fact reversing the thing, I was just interested in its inner workings as I am implementing that kind of login on my OpenBSD servers and have ordered CryptoCard's hardware token cards.

// SuperCali

SuperCali
January 22nd, 2002, 09:41
"As far as I know many of these beasts are supported by OpenBSD..."

Yes, this is true. I have now ordered a hardware token (CryptoCard RB-1) and I already have my server set up for it. I hope to implement it on my other servers too (FreeBSD and Solaris). They are quite nifty, these little contraptions.... saves one having to remember lots of cryptic passwords.

// SuperCali