Lecture Notes in Computer Science vol:3006 pages:130-144
SAC 2003 date:August 14-15, 2003
The SecurID hash function is used for authenticating users to a corporate computer infrastructure. We analyse an alleged implementation of this hash function. The block cipher at the heart of the function can be broken in a few milliseconds on a PC with 70 adaptively chosen plaintexts. The 64-bit secret key of 10% of the cards can be discovered given two months of token outputs and $2^{48}$ analysis steps. A larger fraction of cards can be covered given more observation time.