It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
(visit the link for the full news article)
RSA Security will replace virtually every one of the 40 million SecurID tokens currently in use as a result of the hacking attack the company disclosed back in March. The EMC subsidiary issued a letter to customers acknowledging that SecurID failed to protect defense contractor Lockheed Martin, which last month reported a hack attempt.
SecurID tokens are used in two-factor authentication systems. Each user account is linked to a token, and each token generates a pseudo-random number that changes periodically, typically every 30 or 60 seconds. To log in, the user enters a username, password,
The exact sequence of numbers that a token generates is determined by a secret RSA-developed algorithm, and a seed value used to initialize the token
No matter how strong the keys are, if a hacker finds out what the keys are, then they don't provide any security.
Originally posted by THE_PROFESSIONAL
Yes I understand it but the implementation is not right. Why generate a seed at all. A secret algorithm is not a secure one. An algorithm's strength relies in its ability to have strong keys.
Yes, China claims to have the world's fastest supercomputer which uses lots of GPUs, they can do an incredible number of FLOPS. en.wikipedia.org...
Originally posted by Bramble Iceshimmer
I think I read where hackers were using GPUs to find hashed passwords in a few seconds to minutes. Don't remember how but the GPUs run rings around CPUs in computational power in many orders of magnitude.
Tianhe-1A is ranked on the TOP500 list as the fastest supercomputer at 2.6 petaFLOPS. It consists of 14,336 Intel Xeon CPUs and 7,168 Nvidia Tesla M2050 GPUs...
I don't know where you got that idea, maybe from RSA marketing material, back when they said they had an uncrackable system which has now been cracked?
Originally posted by grey580
Actually they aren't unencrypting passwords. AFAIK you can't unencrypt the hashed password.
Once it's connected, it's apparently hard to make security impossible to compromise, as this incident has shown. I once read that microsoft source code had been hacked from the internet. The first question I had was, why was that computer at Microsoft even connected to the internet? I see no reason for that. If they wanted to keep the source code secure, not connecting the computer with that information to the internet would be a good place to start.
The most secure computers are those not connected to the Internet...