[Discuss] KeePassX
Richard Pieri
richard.pieri at gmail.com
Thu Jul 25 22:52:47 EDT 2013
Bill Horne wrote:
> Schneier once put a picture of a SecurID token on his website: it was
> on a live-camera feed from an undisclosed location. He said that the
> funny thing was that, as long as the device's serial number wasn't
> disclosed, the thing was still secure.
Well, yeah. The codes the token displays aren't the key to the lock. The
token's serial number is the key. It's also the seed to the PRNG that
generates the codes.

Software tokens like the Google Authenticator app and the Blizzard
Authenticator app work the same way.
--
Rich P.