BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] KeePassX

Subject: [Discuss] KeePassX
From: richard.pieri at gmail.com (Richard Pieri)
Date: Thu, 25 Jul 2013 22:52:47 -0400
In-reply-to: <51F1D182.2060302@horne.net>
References: <mailman.7.1374681603.26411.discuss@blu.org> <5a8adb7711b0b7e1e7d2c7494e0613dd.squirrel@webmail.ci.net> <51F02E44.1090706@borg.org> <51F03693.4060309@gmail.com> <51F1D182.2060302@horne.net>

Bill Horne wrote:
> Schneier once put a picture of a SecureID token on his website: it was
> on a live-camera feed from an undisclosed location. He said that the
> funny thing was that, as long as the device's serial number wasn't
> disclosed, the thing was still secure.

Well, yeah. The codes the token displays aren't the key to the lock. The 
token's serial number is the key. It's also the seed to the PRNG that 
generates the codes.

Software tokens like the Google Authenticator app and the Blizzard 
Authenticator app work the same way.

-- 
Rich P.

References:
- [Discuss] KeePassX
  - From: richb at pioneer.ci.net (Rich Braun)
- [Discuss] KeePassX
  - From: kentborg at borg.org (Kent Borg)
- [Discuss] KeePassX
  - From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] KeePassX
  - From: bill at horne.net (Bill Horne)

Prev by Date: [Discuss] KeePassX
Next by Date: [Discuss] password amnesia
Previous by thread: [Discuss] KeePassX
Next by thread: [Discuss] single sign-on
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org