[aprssig] Re: Authentication over APRS
Bob Snyder
rsnyder at toontown.erial.nj.us
Wed Dec 8 18:05:10 EST 2004
On Wed, Dec 08, 2004 at 02:36:05PM -0800, Scott Miller wrote:
> > SecurID is a great product, I use it daily. It provides "two factor"
> I've used these too. It requires fairly close time synchronization, and if
> you're dealing with a device somewhere on a mountaintop miles away with no
> GPS, keeping within a couple of minutes is too much trouble.
Actually, it doesn't. A decent clock is a good thing, but my
understanding is that the server keeps a window of codes active, and
when you use one in the valid window, it uses that to figure out the
difference in clock rates between the token and the authentication
server.
Running NTP on a hardware token in your wallet is challenging, and this
is their way of avoiding that. :-)
> Yeah, and you're going to run out of secrets pretty fast if it's something
> you do on a regular basis. I think a TEA or similar CBC-MAC with a simple
Assuming you were talking about the Kantronics system, yeah, you'll run
out of secrets pretty fast, and people adept at Wheel of Fortune likely
will be able to guess the passphrase before too long. That's why I
called it a weak form. The benefit is that you don't need special code
on the client end to do it. If the client already is going to be running
your software, doing it fully cryptologically is the best way most
likely.
Bob N2KGO
More information about the aprssig
mailing list