[Discuss] KeePassX

Richard Pieri richard.pieri at gmail.com
Thu Jul 25 22:52:47 EDT 2013


Bill Horne wrote:
> Schneier once put a picture of a SecurID token on his website: it was
> on a live-camera feed from an undisclosed location. He said that the
> funny thing was that, as long as the device's serial number wasn't
> disclosed, the thing was still secure.

Well, yeah. The codes the token displays aren't the key to the lock. The 
token's serial number is the key. It's also the seed to the PRNG that 
generates the codes.

Software tokens like the Google Authenticator app and the Blizzard 
Authenticator app work the same way.

-- 
Rich P.


