2-09-2010 @ 3:29AM
There are other ways of beating them, but those would require a brute-force attack that may be feasible in principle but probably isn't worth it in reality. In particular, you *could* gather multiple codes over time from a machine that was compromised with a keylogger, and do a brute-force attack to try to work out the token's private key. Once you have the private key, you can clone the token. I've not checked what crypto is used on the tokens, but to reassure people here before the headless chicken impressions start, with "standard" crypto techniques this kind of attack should take years or centuries, even if running on many thousands of computers at once. It's only a problem if for some reason the cryptographic techniques used in the tokens are weak, and that seems very unlikely given what else they're used for.