Forum Settings
       
This Forum is Read Only

secerity token questionFollow

#1 Jan 22 2011 at 10:24 AM Rating: Decent
*
112 posts
i just got a security token and was wondering how the heck these things work? how does the log in servers know the code, i know your register it to your account and all. but to me that means it know the order in which your token is programed to give out codes but if you hit the button 5 times and then enter the code it still works. so is there a max amount of times you can use it till it resets back to the first code or what? not looking for info that could jeopardize the security of these things just curious to how they work.
____________________________


#2 Jan 22 2011 at 10:33 AM Rating: Default
**
602 posts
Trusted as a regular hand-written signature, the digital signature must be made with a private key known only to the person authorized to make the signature. Tokens that allow secure on-board generation and storage of private keys enable secure digital signatures, and can also be used for user authentication, as the private key also serves as a proof for the user’s identity.
For tokens to identify the user, all tokens must have some kind of number that is unique. Not all approaches fully qualify as digital signatures according to some national laws.[citation needed] Tokens with no on-board keyboard or another user interface cannot be used in some signing scenarios, such as confirming a bank transaction based on the bank account number that the funds are to be transferred to.

Mathematical-algorithm-based one-time passwords
Another type of one-time password uses a complex mathematical algorithm, such as a hash chain, to generate a series of one-time passwords from a secret shared key. Each password is unguessable, even when previous passwords are known. The open source OATH algorithm is standardized; other algorithms are covered by U.S. patents. Each new password is unique, so an unauthorized user would be unable to guess what the new password may be, based on previously used passwords.
____________________________
FFXI: Dashiel. (Asura) Puppetmaster.
FFXIV: Majidah Sihaam. (Besaid)
Marauder, Weaver & Alchemist.

#3 Jan 22 2011 at 10:37 AM Rating: Good
*
112 posts
now i am more confused
____________________________


#4 Jan 22 2011 at 10:52 AM Rating: Good
**
800 posts
elevencharle wrote:
now i am more confused


Basically, SE has digital versions of our security key and they are linked together by the registration code on the key. The "random" number it generates when you press it isn't random at all, in fact, it's a perfectly predictable number if you know what formula the key uses to generate the number. SE knows the formula.
#5 Jan 22 2011 at 11:02 AM Rating: Decent
*
112 posts
that makes sense so even if i hit the button a few times and don't enter the code the next one will still fall into the formula that is set into the system so it works. thanks
____________________________


This forum is read only
This Forum is Read Only!
Recent Visitors: 18 All times are in CST
Anonymous Guests (18)