Is Barclay's Pinsentry part of RSA SecureID - and compromised?
igb at batten.eu.org
Mon Mar 28 21:27:41 BST 2011
On 28 Mar 2011, at 13:22, John Lamb wrote:
> If an attacker had all the seeds issued to an organisation, then they could
> identify your token by capturing the current number on your SecurID at a known
> time and comparing it to a generated list of the numbers all the issued tokens
> would have been displaying at that time.
Well, for a large organisation they might need two values to narrow it
right down. SecurID allows for some clock drift because the tokens
aren't hugely accurate. One value might only narrow things down to
about one in one thousand (there will be some tokens displaying the
same value, and the clocks are also drifting). Two values get you
about one in a million.
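
A toy model of the narrowing discussed in this thread, added here as an example and not part of the original post. It uses a stand-in HMAC-based code generator (not the SecurID algorithm), constructed seeds, and assumed values for code length and drift window, and counts how many tokens stay consistent with one and then two observed values.

```python
import hashlib
import hmac

DIGITS = 4   # assumption: short codes so a small population shows the effect
DRIFT = 2    # assumption: accepted clock drift of +/- 2 time steps

def seed_for(i):
    """Constructed per-token seed; stands in for an organisation's seed records."""
    return hashlib.sha256(b"constructed-seed-%d" % i).digest()

def code(seed, step):
    """Stand-in generator (HMAC-SHA256 truncated to DIGITS), not SecurID's own."""
    mac = hmac.new(seed, step.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:8], "big") % 10**DIGITS

def consistent_tokens(n_tokens, observations):
    """Indices of tokens that could have shown every (step, code) observation
    under one fixed clock offset within +/- DRIFT."""
    matches = set()
    for i in range(n_tokens):
        seed = seed_for(i)
        for offset in range(-DRIFT, DRIFT + 1):
            if all(code(seed, s + offset) == shown for s, shown in observations):
                matches.add(i)
                break
    return matches

def expected_false_matches(n_tokens, n_observations):
    """Analytic estimate: every other token matches by chance with
    probability window / 10^(DIGITS * observations)."""
    window = 2 * DRIFT + 1
    return (n_tokens - 1) * window / 10 ** (DIGITS * n_observations)

def demo(n_tokens=20000, target=1234, true_offset=1):
    """Observe a constructed target token twice, return both candidate sets."""
    seed = seed_for(target)
    obs = [(s, code(seed, s + true_offset)) for s in (1000, 1060)]
    return consistent_tokens(n_tokens, obs[:1]), consistent_tokens(n_tokens, obs)

if __name__ == "__main__":
    one, two = demo()
    print("one observation :", len(one), "candidates;",
          expected_false_matches(20000, 1), "false matches expected")
    print("two observations:", len(two), "candidates;",
          expected_false_matches(20000, 2), "false matches expected")
```

Widening the drift window or shortening the code raises the number of chance matches per observation; each extra observation divides it by 10^DIGITS.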