SecurlD tokens are developed by SDTI/RSA Security to authenticate users to a corporate computer infrastructure. In this paper we show the results of our analysis of the function contained in these tokens. The block cipher at the heart of the function can be broken in milliseconds. We present two attack scenarios on the full function: if one can observe the output of the device during some time period, one can predict with high probability future output values and one can recover the secret key significantly faster than by exhaustive search. (C) 2005 Elsevier Ltd. All rights reserved.