[geeks] Interesting: hardware security token for PayPal

Geoffrey S. Mendelson gsm at mendelson.com
Sun Apr 1 01:54:16 CDT 2007


On Sun, Apr 01, 2007 at 01:39:54AM -0400, Charles Shannon Hendrix wrote:
> At $JOB around 1996 we were shown a code generator that had a unique salt and
> serial on each unit.  It also was supposed to not go through the number pool
> in the same order or sequence each time, and instead of repeating, the card
> died.

I had one about 5 years ago. It worked pretty well, the timeout was about
one minute on this one. They have a habit of going out of sync, so the
software at the other end has to generate several numbers and resync itself.

One of the factors used in calcualting the number is the time. You also
do not see the entire number it generates. Part of the algorythym is choosing
the digits you see. I think the actual number generated was 14 digits,
but it was a long time ago, so I may be wrong.

Geoff.


-- 
Geoffrey S. Mendelson, Jerusalem, Israel gsm at mendelson.com  N3OWJ/4X1GM
IL Voice: (07)-7424-1667  Fax ONLY: 972-2-648-1443 U.S. Voice: 1-215-821-1838 
Visit my 'blog at http://geoffstechno.livejournal.com/



More information about the geeks mailing list