RSA SecurID information

SecurID is a two-factor authentication system, developed by John Brainard, one of the founders of SecurDynamics. SecurID is now sold by RSA, EMC Security Division.

SecurID product homepage at RSA
Wikipedia article
mod_securid: SecurID authentication for Apache web server
SecurID integration with OpenSSH:
- Joerg Fritsch description of the Theo Schlossnagle patch;
- a (supposely better) implementation from Vaclav Tomec;
SecurID could also be integrated into Unix/Linux authentication system using PAM agent from RSA

Below is some information on the SecurID security. Some is outdated, as RSA does not use the "legacy" SecurID code generation algorithm.

 Name                         Description
 Cryptography-Digest.htm      
 DC1516_UTH_PG_34.gif         SecurID SID600 internal assembly
 Java_Authapi_5.0.3.zip       
 SecurID for Windows.ppt      
 SecuridWeaknesses.htm        Apparent Weaknesses in the Security Dynamics Client/Server Protocol by Adam Shostack
 brainard.htm                 John Brainard (RSA) response to SecuridWeaknesses.htm
 gates-shows-securid.jpg      
 initial_securid_analysis.pdf Initial SecurID cryptoanalysis by @Stake
 rr2001-04.pdf                General OTP schemes analysis by @Stake
 rsalabs_faq41.pdf            
 secureid.pdf                 Weaknesses in SecurID by PeiterZ at silence.secnet.com
 securid-water.jpg            SecurID token plunged in a glass of water
 securid05.pdf                Cryptanalysis of the Alleged SecurID Hash Function by Alex Biryukov, Joseph Lano and Bart Preneel
 sids.jpg

Vladimir Ivanov, ivlad@malpaso.ru
Last change: 12 November 2007, 12:45 MSD