Keeping your account secure sticky

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Keeping your account secure sticky

    The sticky, although generally good, is wrong in one very important area:

    "The authenticators (in hand, not Ipod apps) have a fixed number of codes that are on a fixed loop"

    This is NOT true at all!!! The code generated is computed from the current time & date and the token's secret 128-bit seed number known only to Blizzard's logon server - there are no loops, no fixed sequences - otherwise, as you say, they would be VERY easy to crack. The calculation of the number is a one-way calculation - meaning that you cannot work out the seed number of the authenticator from the generated codes. You also cannot reverse engineer the seed number, as the tokens have tamper resistance built into them (i.e. any attempt to "read" the seed from the internal chip will destroy the seed data).

    The authenticators are extremely secure; they are used worldwide by big corporations (including my own company) for remote network access.

    See here for a detailed explanation of how the RSA SecurID technology as used in these authenticators works, and why they are so secure.

    http://en.wikipedia.org/wiki/SecurID

    Just one quote from the article:
    "RSA SecurID currently commands over 70% of the two-factor authentication market (source: IDC) and 25 million devices have been produced to date"

    If they were so easy to crack, they wouldn't be so very popular...

    I would gladly give you my account password, but my authenticator you would have to prise out of my cold dead hands....

    #2
    I wanted to see how long a code stayed good for, and I can assure you that it's not very long. I use the iPhone version and I wrote down the numbers so after the code changed I would still have them. Within about 5 seconds of the code changing on the screen it would not work.

    I also logged in and then logged out and tried the same code before it changed and it would not work. Since it had already been used I had to wait for a new code to be generated.

    The authenticator is a great addition. For those who don't know, you need to use the code when you log into the battle.net website or the manage account section from worldofwarcraft.com. You also must use the code when logging into the game.

    You do not enter the code when logging into the World of Warcraft forums. So worst case, someone who key logs or hacks you should only be able to get you banned from the official forums.

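The behaviour both posts describe (a code derived from the current time and a secret seed, accepted only briefly and only once), as an added example that is not part of either post and is not Blizzard's or RSA's code. It uses the open RFC 6238 TOTP algorithm as a stand-in, since the thread does not give the tokens' actual algorithm; the 30-second step, 6-digit length, seed, clock value and the names `code_at`, `Verifier` and `demo` are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30      # assumed seconds per code; the thread gives no interval
DIGITS = 6     # assumed code length

def code_at(seed: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, then truncate."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class Verifier:
    """Server side: same seed, same clock, plus a record of spent time steps."""
    def __init__(self, seed: bytes, drift_steps: int = 0):
        self.seed = seed
        self.drift_steps = drift_steps   # extra steps tolerated for clock skew
        self.last_used_step = -1         # highest time step already accepted

    def check(self, code: str, now: int) -> bool:
        current = now // STEP
        for step in range(current - self.drift_steps, current + self.drift_steps + 1):
            if step <= self.last_used_step:
                continue                 # already spent: a replayed code is refused
            if hmac.compare_digest(code_at(self.seed, step * STEP), code):
                self.last_used_step = step
                return True
        return False

# Constructed 128-bit seed and clock value, for illustration only.
SEED = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
T0 = 1_700_000_010   # falls exactly on a step boundary

def demo() -> dict:
    server = Verifier(SEED)
    code = code_at(SEED, T0)
    return {
        "first_use": server.check(code, T0),
        "replay_same_window": server.check(code, T0 + 5),
        "old_code_next_window": Verifier(SEED).check(code, T0 + STEP),
        "wrong_seed": Verifier(bytes(16)).check(code, T0),
    }

if __name__ == "__main__":
    print(demo())
```

With `drift_steps=1` the verifier also accepts the code from the neighbouring time step, which trades a slightly longer acceptance window for tolerance of clock skew between token and server.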