Note that this is the 800 token, with a USB port, and it's the USB bit that's be... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		andrewaylett on June 25, 2012 \| parent \| context \| favorite \| on: Scientists crack RSA SecurID 800 tokens, steal cry... Note that this is the 800 token, with a USB port, and it's the USB bit that's been broken, not the six-digit ID part that people usually associate with SecurID. My understanding is that the USB port enables the token to sign data on demand, and it's this signing key that's been compromised -- not just for SecurID, but for a whole range of similar encryption tokens.

regularfry on June 25, 2012 [–]

I don't know how these things work. Is the generator for the six-digit string related to the signing key?

advisory5739f2 on June 25, 2012 | [–]

No, those two functions are unrelated. It's a two-in-one: smart card w/ signing key and one-time-password token.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact