-----
Cyno01 Sep 22nd 2010 6:19PM

@t0xic

Bullshit. This has been debunked 100 times, please stop spreading false information. An authenticator is nothing but a clock with an algorithm tied to the serial number to display the time in a non-standard manner. There is no cryptography in the device, its made in china and banks around the world use the exact same device without the blizzard sticker on it.
-----
You're both wrong. If cryptography import/export laws are an issue, it's likely to be another country's import laws that makes the Authenticators risky. The US laws have changed drastically over the years (although not completely unrestricted). There are some countries (including China - stark contrast considering Vasco's production) with very restrictive import laws. Although I have to wonder if the Authenticator creates a problem whether the WoW client and Warden wouldn't also be issues.

In any case... the debunking is bunk. The Authenticators are encryption devices. They do HMAC-SHA1 against a 160bit secret key and a time calculation (and then select a portion of the resulting hash to use for authentication). The secret is known by Blizzard's authentication server and your Authenticator. Your Authenticator's S/N is just a reference (S/N X = Key Y).

If you want to work out all the math for that, you can Google for HMAC-SHA1 and OATH HOTP. It's all much more complex than the "debunking" would make it appear (it's more complex than I make it appear).